General

  • Target

    1b04654c14fdc19c54a855598f2aec8f.exe

  • Size

    133KB

  • Sample

    211101-kta12aebbj

  • MD5

    1b04654c14fdc19c54a855598f2aec8f

  • SHA1

    d0e74542ea095620ad2c00c0027654829592aa82

  • SHA256

    3584d148b7a74670cb6e633744de9b90f53ba0388ee9af369bb82503446212a7

  • SHA512

    d4277601ebd28987b8e30d3cb9fe392e54d0615abd412422aaf85ceb2f1bea5ece0b3c90818d1ca9db0d30cee0a1fe8142c4f023b351b8ea72734eacacd0de83

Targets

    • Modifies system executable filetype association

    • Neshta

      Neshta is a file-infecting malware family: it is designed to inject itself into other files in order to spread and cause damage.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar items.
