Overview

overview

10

Static

static

tmp/b3fa4a...09.exe

windows7_x64

10

tmp/b3fa4a...09.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    tmp/b3fa4a1b-268f-49b2-9a04-47f6550e1a9a_1009.exe

  • Size

    3MB

  • Sample

    211228-fpxl1scacp

  • MD5

    0df509291dbe0de01efd4e59b5c3b2dc

  • SHA1

    06e97544849ce889a83e3c4f5bc74c99971d668d

  • SHA256

    bae433ef175b58fde659d4c84a8bd8d6625f75b3d7b56b4771c6dbb377d03efa

  • SHA512

    3e9383ee1ec55c980c1570f89ff3be76d62b2714553a04bd5deb2d3e373bb6e5afbaf5cd8a64dd3635e49d281af39a2b081cac1a3ea653e92ba03c5d668c40b5

Score
10/10
neshtapersistencespywarestealer

Malware Config

Targets

    • Target

      tmp/b3fa4a1b-268f-49b2-9a04-47f6550e1a9a_1009.exe

    • Size

      3MB

    • MD5

      0df509291dbe0de01efd4e59b5c3b2dc

    • SHA1

      06e97544849ce889a83e3c4f5bc74c99971d668d

    • SHA256

      bae433ef175b58fde659d4c84a8bd8d6625f75b3d7b56b4771c6dbb377d03efa

    • SHA512

      3e9383ee1ec55c980c1570f89ff3be76d62b2714553a04bd5deb2d3e373bb6e5afbaf5cd8a64dd3635e49d281af39a2b081cac1a3ea653e92ba03c5d668c40b5

    Score
    10/10
    neshtapersistencespywarestealer

    • Detect Neshta Payload

    • Modifies system executable filetype association

      persistence

    • Neshta

      Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.

      persistencespywareneshta

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer
    behavioral1behavioral2

MITRE ATT&CK Matrix

Collection

Command and Control

    Credential Access

    Defense Evasion

    Discovery

    Execution

      Exfiltration

        Impact

          Initial Access

            Lateral Movement

              Persistence

              Privilege Escalation

                Tasks