Overview

overview

10

Static

static

10

dridex

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    20c2fcc0fe77cbf1f80e1d95e80bcaafded7a6605dc525175d9d6a7e2243aca4

  • Size

    1.0MB

  • Sample

    211011-qnyssshcd5

  • MD5

    3da25eeec25c2971a573681064c76b29

  • SHA1

    6fd2b9999b08dfa4410ebc92325e64dcfbfdcca6

  • SHA256

    20c2fcc0fe77cbf1f80e1d95e80bcaafded7a6605dc525175d9d6a7e2243aca4

  • SHA512

    050330bcaf1a32a4f6694bb7b1d50f6a9822787c4978f317dc4204382368ea102db1453ae40d1712fcea8bf97f8f45f85f7d0bfa0e8e946ab8435ca05cc8d23c

Score
10/10
neshtapersistencespywarestealer

Malware Config

Targets

    • Target

      20c2fcc0fe77cbf1f80e1d95e80bcaafded7a6605dc525175d9d6a7e2243aca4

    • Size

      1.0MB

    • MD5

      3da25eeec25c2971a573681064c76b29

    • SHA1

      6fd2b9999b08dfa4410ebc92325e64dcfbfdcca6

    • SHA256

      20c2fcc0fe77cbf1f80e1d95e80bcaafded7a6605dc525175d9d6a7e2243aca4

    • SHA512

      050330bcaf1a32a4f6694bb7b1d50f6a9822787c4978f317dc4204382368ea102db1453ae40d1712fcea8bf97f8f45f85f7d0bfa0e8e946ab8435ca05cc8d23c

    Score
    10/10
    neshtapersistencespywarestealer

    • Detect Neshta Payload

    • Modifies system executable filetype association

      persistence

    • Neshta

      Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.

      persistencespywareneshta

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Enterprise v6

Tasks