tmp/25aeffc1-eb6f-4f51-9f76-2ddaaaeb65f2_1007.exe

General
Target

tmp/25aeffc1-eb6f-4f51-9f76-2ddaaaeb65f2_1007.exe

Size

2MB

Sample

211228-fm17escack

Score
10/10
MD5

687cb42f614773145b672ea5de18aa2c

SHA1

3aa9bc7bb65d8b3cc4fb2dd11ef3603b458ead02

SHA256

be4ae8c97d86406b0b6cda20d56f7a6293d99d7a6d72152fc895e23b346e55f6

SHA512

a9410acc4a22af14dac93653d18543733a6453a8d8f70eaef7582c598784ef16aa02cf0cd673eebc434f736a49f2f76997e1ac6ecfa3e86114b72424932d6b75

Malware Config
Targets
Signatures

  • Detect Neshta Payload

  • Modifies system executable filetype association

    TTPs

    Modify Registry, Change Default File Association
  • Neshta

    Description

    Malware from the Neshta family is designed to infect other files in order to spread itself and cause damage.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Description

    Infostealers often target stored browser data, which can include saved credentials etc.

    TTPs

    Data from Local System, Credentials in Files

Related Tasks

MITRE ATT&CK Matrix
Command and Control
Credential Access
Defense Evasion
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Privilege Escalation

Tasks

static1