General
-
Target
Euro_swift_pdf.exe
-
Size
247KB
-
Sample
210819-t4q7e5jvp6
-
MD5
113dce66c3dbdcd17f9d193c883e983e
-
SHA1
0c9097e98f090d10597fdcac72f729fb76a219b2
-
SHA256
b8344e9c1ee03f949c70959828a08e1f73f198d58e6721b95676d54a7e6cb6be
-
SHA512
f8d95727089ae3f59f0bceca6ad43442cc9eba39d6db7096295b8af49d2ac63888c556445d3ee51b6043276e25eedbefad5e6a727a38dc1aca4455e75ec26c8e
Malware Config
Targets
-
-
Target
Euro_swift_pdf.exe
-
Size
247KB
-
MD5
113dce66c3dbdcd17f9d193c883e983e
-
SHA1
0c9097e98f090d10597fdcac72f729fb76a219b2
-
SHA256
b8344e9c1ee03f949c70959828a08e1f73f198d58e6721b95676d54a7e6cb6be
-
SHA512
f8d95727089ae3f59f0bceca6ad43442cc9eba39d6db7096295b8af49d2ac63888c556445d3ee51b6043276e25eedbefad5e6a727a38dc1aca4455e75ec26c8e
Score10/10-
Detect Neshta Payload
-
Modifies system executable filetype association
-
Neshta
Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Suspicious use of SetThreadContext
-