tmp/b3fa4a1b-268f-49b2-9a04-47f6550e1a9a_1009.exe

General
Target

tmp/b3fa4a1b-268f-49b2-9a04-47f6550e1a9a_1009.exe

Size

3MB

Sample

211228-fpxl1scacp

Score

10/10

MD5

0df509291dbe0de01efd4e59b5c3b2dc

SHA1

06e97544849ce889a83e3c4f5bc74c99971d668d

SHA256

bae433ef175b58fde659d4c84a8bd8d6625f75b3d7b56b4771c6dbb377d03efa

SHA512

3e9383ee1ec55c980c1570f89ff3be76d62b2714553a04bd5deb2d3e373bb6e5afbaf5cd8a64dd3635e49d281af39a2b081cac1a3ea653e92ba03c5d668c40b5

Malware Config
Targets
Target

tmp/b3fa4a1b-268f-49b2-9a04-47f6550e1a9a_1009.exe

Signatures

  • Detect Neshta Payload

  • Modifies system executable filetype association

    TTPs

    Modify Registry, Change Default File Association

  • Neshta

    Description

    Malware from the Neshta family is designed to infect other files in order to spread itself and cause damage.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Description

    Infostealers often target stored browser data, which can include saved credentials etc.

    TTPs

    Data from Local System, Credentials in Files

Related Tasks

MITRE ATT&CK Matrix

  • Command and Control
  • Credential Access
  • Defense Evasion
  • Execution
  • Exfiltration
  • Impact
  • Initial Access
  • Lateral Movement
  • Privilege Escalation

Tasks

  • static1