General

  • Target

    file._

  • Size

    25KB

  • Sample

    211129-t6t44scdfn

  • MD5

    d1ccc4c14c77d812df22bdf4e32f34e4

  • SHA1

    5d78f025738af621d64b3666553ddb04678895a4

  • SHA256

    390f5ea35dbe68a871181a98dab7c3eec7d87124726a79320d5197f517ce8616

  • SHA512

    fe288eefd02b1b9d53be64a721945de6d09b9ae33096707ad0dd51f2adc9392a16f27a46fa443ce620f6a492c46ba51b5811225afb13eee95ca32ef8d65e7001

Malware Config

Targets

    • Target

      AN HAI 273 V-S159 1606 KAO-BK =GG-10-2020.doc

    • Size

      303KB

    • MD5

      fea600c8597e2b7931a9f6f781a2b43a

    • SHA1

      eec64a5c8119268b5d13873747bc3f05c33dc6cb

    • SHA256

      d040437bdc2a5c34ca7ffeb1f46f6adf82b6e5492748ec22b630a918b53a2b95

    • SHA512

      598d74bab9b8bfc9eb0fcfe623dccbd6d7825d74bf7228b76221bcc3732d7ce7d9b09cf45fa3638aefe966d90fef00267b630c991da62c94a0bb62405f9bb777

    • Detect Neshta Payload

    • Modifies system executable filetype association

    • Neshta

      Malware from the Neshta family spreads by infecting other files with copies of itself, and causes damage in the process.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks