abdedf498be2483a583d52b054d3685e.exe

General
Target

abdedf498be2483a583d52b054d3685e.exe

Size

178KB

Sample

210912-tkm4nscdg7

Score
10 /10
MD5

abdedf498be2483a583d52b054d3685e

SHA1

4cac54930e059ba7ad5fa65c24175f596fffe3f0

SHA256

3f503cea0168fe927f9f93166c4d9677b39c7365c43dd0d1fafa1696889e2670

SHA512

16a8bdccd9e2d597951dcdf123146cf17fc8472cdeca5ef911b9603ed020b378cefb209aa12b50e5ac0616d4a5e0beb805cde92ccb45c0309850d7ec577a0c02

Malware Config
Targets
Target

abdedf498be2483a583d52b054d3685e.exe

MD5

abdedf498be2483a583d52b054d3685e

Filesize

178KB

Score
10 /10
SHA1

4cac54930e059ba7ad5fa65c24175f596fffe3f0

SHA256

3f503cea0168fe927f9f93166c4d9677b39c7365c43dd0d1fafa1696889e2670

SHA512

16a8bdccd9e2d597951dcdf123146cf17fc8472cdeca5ef911b9603ed020b378cefb209aa12b50e5ac0616d4a5e0beb805cde92ccb45c0309850d7ec577a0c02

Tags

Signatures

  • AsyncRat

    Description

    AsyncRAT is designed to remotely monitor and control other computers.

    Tags

  • Detect Neshta Payload

  • Modifies system executable filetype association

    Tags

    TTPs

    Modify Registry Change Default File Association
  • Neshta

    Description

    Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.

    Tags

  • Async RAT payload

    Tags

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Description

    Infostealers often target stored browser data, which can include saved credentials etc.

    Tags

    TTPs

    Data from Local System Credentials in Files
  • Legitimate hosting services abused for malware hosting/C2

    TTPs

    Web Service

Related Tasks

MITRE ATT&CK Matrix
Command and Control
    Credential Access
    Defense Evasion
    Execution
      Exfiltration
        Impact
          Initial Access
            Lateral Movement
              Privilege Escalation