Overview

overview

10

Static

static

vbc.exe

windows7_x64

10

vbc.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    vbc.exe

  • Size

    465KB

  • Sample

    211004-kr6d6agbbr

  • MD5

    fd31986696a39355b9e100754b4724e3

  • SHA1

    4f1045ce5437b5a761c02a1446c0defd89280ddb

  • SHA256

    a58aca3d20dec5c5f100ade6a9f6182f5f7a783f8269cb032e20780041e44f08

  • SHA512

    bbb78d8f77973f2349a0a82e3e9ab046b79cdd37053375c5d21b7297c36b587e0809bced70f38d4d621af28f04fdca5701c294e04d4cf04f09582ada580a7ffb

Score
10/10
neshtapersistencespywarestealer

Malware Config

Targets

    • Target

      vbc.exe

    • Size

      465KB

    • MD5

      fd31986696a39355b9e100754b4724e3

    • SHA1

      4f1045ce5437b5a761c02a1446c0defd89280ddb

    • SHA256

      a58aca3d20dec5c5f100ade6a9f6182f5f7a783f8269cb032e20780041e44f08

    • SHA512

      bbb78d8f77973f2349a0a82e3e9ab046b79cdd37053375c5d21b7297c36b587e0809bced70f38d4d621af28f04fdca5701c294e04d4cf04f09582ada580a7ffb

    Score
    10/10
    neshtapersistencespywarestealer

    • Detect Neshta Payload

    • Modifies system executable filetype association

      persistence

    • Neshta

      Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.

      persistencespywareneshta

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Uses the VBS compiler for execution

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks