General

  • Target

    a970b0c0fee23738223da299caafc800.exe

  • Size

    455KB

  • Sample

    211012-af6wfaafd7

  • MD5

    a970b0c0fee23738223da299caafc800

  • SHA1

    eeffbde95c891a437ecf025a4079eff3f5b67210

  • SHA256

    53125b8ade45028207dd476148af9011bb4db4aa4c6427ed8fa1d14f90bab2c4

  • SHA512

    be05a5034217fa057ccf553887e72c0db1df71425501f5381c2a7b856c12230aab546d8e61a7063cb750ff964061e97f38529d5d8c20b18b0a5bbaaad33bb3cf

Malware Config

Targets

    • Detect Neshta Payload

    • Modifies system executable filetype association

    • Neshta

      Malware from the Neshta family infects other executable files in order to spread and cause damage.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks