Overview

overview

10

Static

static

1

PI JFMY-PS211130.exe

windows7_x64

10

PI JFMY-PS211130.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    PI JFMY-PS211130.exe

  • Size

    349KB

  • Sample

    211207-lbl61sbdg8

  • MD5

    7cff5cadc7bf962189c95658af8a88e4

  • SHA1

    e128aa88dcf9d1278405060f7f6404af16edcba1

  • SHA256

    5f6ddf82a669dc9eb8f67d740cf40836f4618fdf396c1daaff74cb305b8a89a9

  • SHA512

    6fdbecd32d1fd33e4f309c21b5cb1a1be7b0f45dda1412e9382e9793c070c849303e77ca811605b9f20918f3c596ede8c1064e6a791584c515d8d4589a0b1238

Score
10/10
neshtapersistencespywarestealer

Malware Config

Targets

    • Target

      PI JFMY-PS211130.exe

    • Size

      349KB

    • MD5

      7cff5cadc7bf962189c95658af8a88e4

    • SHA1

      e128aa88dcf9d1278405060f7f6404af16edcba1

    • SHA256

      5f6ddf82a669dc9eb8f67d740cf40836f4618fdf396c1daaff74cb305b8a89a9

    • SHA512

      6fdbecd32d1fd33e4f309c21b5cb1a1be7b0f45dda1412e9382e9793c070c849303e77ca811605b9f20918f3c596ede8c1064e6a791584c515d8d4589a0b1238

    Score
    10/10
    neshtapersistencespywarestealer

    • Detect Neshta Payload

    • Modifies system executable filetype association

      persistence

    • Neshta

      Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.

      persistencespywareneshta

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks