tmp/cb44d089-9c8a-42a2-9a3c-1095647f7398_1016.exe

General
Target

tmp/cb44d089-9c8a-42a2-9a3c-1095647f7398_1016.exe

Size

4MB

Sample

211228-fm17escacl

Score
10 /10
MD5

313c82449546d79cfdc7c42295bd80d7

SHA1

d4a1753a524f6cfcef08cfd429ef4291e54df7a8

SHA256

e0eb4d976cc6ba910c0dda90ea2da992e777c0dd46c7fb3e9256dc6a67b44731

SHA512

6896427b300a03c113038a9c1993ce06b7165e130eb33421f4227162b4dbe59769d473daa1cbc4f6219c859510bf2bcb4a934013d4942859ff3b9bf70297b7b7

Malware Config
Targets
Target

tmp/cb44d089-9c8a-42a2-9a3c-1095647f7398_1016.exe

MD5

313c82449546d79cfdc7c42295bd80d7

Filesize

4MB

Score
10/10
SHA1

d4a1753a524f6cfcef08cfd429ef4291e54df7a8

SHA256

e0eb4d976cc6ba910c0dda90ea2da992e777c0dd46c7fb3e9256dc6a67b44731

SHA512

6896427b300a03c113038a9c1993ce06b7165e130eb33421f4227162b4dbe59769d473daa1cbc4f6219c859510bf2bcb4a934013d4942859ff3b9bf70297b7b7

Tags

Signatures

  • Detect Neshta Payload

  • Modifies system executable filetype association

    Tags

    TTPs

    Modify RegistryChange Default File Association
  • Neshta

    Description

    Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.

    Tags

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Description

    Infostealers often target stored browser data, which can include saved credentials etc.

    Tags

    TTPs

    Data from Local SystemCredentials in Files

Related Tasks

MITRE ATT&CK Matrix
Command and Control
    Credential Access
    Defense Evasion
    Execution
      Exfiltration
        Impact
          Initial Access
            Lateral Movement
              Privilege Escalation
                Tasks

                static1