Overview

overview

10

Static

static

EA01 V21-2...df.exe

windows7_x64

10

EA01 V21-2...df.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    EA01 V21-20_Draft BL_pdf.exe

  • Size

    420KB

  • Sample

    211006-pwrtsabba6

  • MD5

    677debbec0f889404abc3bfdf3759b84

  • SHA1

    f274992507f2caa6c24572f5c303bbf4648e66e3

  • SHA256

    5597878b9d511ad8a3e93423174ce90b689523fb00912e93bc704db788539ec8

  • SHA512

    1715dd54dd7dbd70d416a1b077141fd8211a53b2fca77b1898c670a9e5a6d9f2f231d0e556a50a44284c71b861c26d65600890b18abe1e461a927f3fbc896bd7

Score
10/10
neshtapersistencespywarestealer

Malware Config

Targets

    • Target

      EA01 V21-20_Draft BL_pdf.exe

    • Size

      420KB

    • MD5

      677debbec0f889404abc3bfdf3759b84

    • SHA1

      f274992507f2caa6c24572f5c303bbf4648e66e3

    • SHA256

      5597878b9d511ad8a3e93423174ce90b689523fb00912e93bc704db788539ec8

    • SHA512

      1715dd54dd7dbd70d416a1b077141fd8211a53b2fca77b1898c670a9e5a6d9f2f231d0e556a50a44284c71b861c26d65600890b18abe1e461a927f3fbc896bd7

    Score
    10/10
    neshtapersistencespywarestealer

    • Detect Neshta Payload

    • Modifies system executable filetype association

      persistence

    • Neshta

      Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.

      persistencespywareneshta

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks