General

  • Target

    9bbee4f98b4f54110ff9a0273ecc2f4073fe333ab83b030d8ad57ff5afd0a85c

  • Size

    506KB

  • Sample

    211130-hrlcwaebcn

  • MD5

    65f0cf6aab8d7fe8176d25d9cebfe4f7

  • SHA1

    cf5fec8b9a73dc5e73d5e3ff5ecc7a4561664e77

  • SHA256

    9bbee4f98b4f54110ff9a0273ecc2f4073fe333ab83b030d8ad57ff5afd0a85c

  • SHA512

    c761a66c49dff0822df69a3da49ef5171d5c1931fc2561f7eab03dd4d717cd651a9bbaeee5824b01e1cc3d86d6a3f77eb42da016250417a05d880cf16dc4043d

Malware Config

Targets

    • Detect Neshta Payload

    • Modifies system executable filetype association

    • Neshta

      Malware from the Neshta family is a file infector: it injects itself into other executables on the host in order to spread and cause damage.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies, and similar sensitive information.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic                 Technique                          Count  ID
  Execution              Scheduled Task                     1      T1053
  Persistence            Change Default File Association    1      T1042
  Persistence            Scheduled Task                     1      T1053
  Privilege Escalation   Scheduled Task                     1      T1053
  Defense Evasion        Modify Registry                    1      T1112
  Credential Access      Credentials in Files               1      T1081
  Discovery              System Information Discovery       1      T1082
  Collection             Data from Local System             1      T1005

Tasks