Euro_swift_pdf.exe

General
Target

Euro_swift_pdf.exe

Size

247KB

Sample

210819-t4q7e5jvp6

Score
10 /10
MD5

113dce66c3dbdcd17f9d193c883e983e

SHA1

0c9097e98f090d10597fdcac72f729fb76a219b2

SHA256

b8344e9c1ee03f949c70959828a08e1f73f198d58e6721b95676d54a7e6cb6be

SHA512

f8d95727089ae3f59f0bceca6ad43442cc9eba39d6db7096295b8af49d2ac63888c556445d3ee51b6043276e25eedbefad5e6a727a38dc1aca4455e75ec26c8e

Malware Config
Targets
Target

Euro_swift_pdf.exe

MD5

113dce66c3dbdcd17f9d193c883e983e

Filesize

247KB

Score
10 /10
SHA1

0c9097e98f090d10597fdcac72f729fb76a219b2

SHA256

b8344e9c1ee03f949c70959828a08e1f73f198d58e6721b95676d54a7e6cb6be

SHA512

f8d95727089ae3f59f0bceca6ad43442cc9eba39d6db7096295b8af49d2ac63888c556445d3ee51b6043276e25eedbefad5e6a727a38dc1aca4455e75ec26c8e

Tags

Signatures

  • Detect Neshta Payload

  • Modifies system executable filetype association

    Tags

    TTPs

    Modify Registry Change Default File Association
  • Neshta

    Description

    Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.

    Tags

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Description

    Infostealers often target stored browser data, which can include saved credentials etc.

    Tags

    TTPs

    Data from Local System Credentials in Files
  • Suspicious use of SetThreadContext

Related Tasks

MITRE ATT&CK Matrix
Command and Control
    Credential Access
    Defense Evasion
    Execution
      Exfiltration
        Impact
          Initial Access
            Lateral Movement
              Privilege Escalation
                Tasks

                static1