Overview

overview

10

Static

static

10

dridex

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    a3d59149a2b1ddb119228ca898c8f6ea1a9256b9567f00bfb1529283960b34d8

  • Size

    506KB

  • Sample

    211008-vncb1segen

  • MD5

    7d22685ef9d80598a24d2f096e527da9

  • SHA1

    458b1d290faa64ebbe4c5989229bacc060bd8713

  • SHA256

    a3d59149a2b1ddb119228ca898c8f6ea1a9256b9567f00bfb1529283960b34d8

  • SHA512

    ca691bfae066e4dc2298e803f23055e999c405b170165f3c4658b232ce0a820e356347cfe164dc046a763842a2d42d4d3a241792d88f3754b5b3ddf484f976f3

Score
10/10
neshtapersistencespywarestealer

Malware Config

Targets

    • Target

      a3d59149a2b1ddb119228ca898c8f6ea1a9256b9567f00bfb1529283960b34d8

    • Size

      506KB

    • MD5

      7d22685ef9d80598a24d2f096e527da9

    • SHA1

      458b1d290faa64ebbe4c5989229bacc060bd8713

    • SHA256

      a3d59149a2b1ddb119228ca898c8f6ea1a9256b9567f00bfb1529283960b34d8

    • SHA512

      ca691bfae066e4dc2298e803f23055e999c405b170165f3c4658b232ce0a820e356347cfe164dc046a763842a2d42d4d3a241792d88f3754b5b3ddf484f976f3

    Score
    10/10
    neshtapersistencespywarestealer

    • Detect Neshta Payload

    • Modifies system executable filetype association

      persistence

    • Neshta

      Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.

      persistencespywareneshta

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Enterprise v6

Tasks