tmp/1f732dad-540b-40f2-8e96-ece256af6051_1006.exe

General
Target

tmp/1f732dad-540b-40f2-8e96-ece256af6051_1006.exe

Size

3MB

Sample

211228-frq71sddh5

Score
10 /10
MD5

8900fe14a0b6f8bce07e8544753a5489

SHA1

03735c613ea906da4e0a57390fc968b17268ded1

SHA256

5d7d8c5bf6c22376174fd83c86ba78d024a4d30ca0ad2657d65daca35ba3ba6e

SHA512

3bdc8d0fcb8f3536b988fb7a7ca9fc60ecf7a6beaf6baa5f9909656ca9f9012a70854af0568e2ae3e29893bc6b81ec6e089eb7cda11206245779ec8fbfa90833

Malware Config
Targets
Target

tmp/1f732dad-540b-40f2-8e96-ece256af6051_1006.exe

MD5

8900fe14a0b6f8bce07e8544753a5489

Filesize

3MB

Score
10/10
SHA1

03735c613ea906da4e0a57390fc968b17268ded1

SHA256

5d7d8c5bf6c22376174fd83c86ba78d024a4d30ca0ad2657d65daca35ba3ba6e

SHA512

3bdc8d0fcb8f3536b988fb7a7ca9fc60ecf7a6beaf6baa5f9909656ca9f9012a70854af0568e2ae3e29893bc6b81ec6e089eb7cda11206245779ec8fbfa90833

Tags

Signatures

  • Detect Neshta Payload

  • Modifies system executable filetype association

    Tags

    TTPs

    Modify RegistryChange Default File Association
  • Neshta

    Description

    Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.

    Tags

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Description

    Infostealers often target stored browser data, which can include saved credentials etc.

    Tags

    TTPs

    Data from Local SystemCredentials in Files

Related Tasks

MITRE ATT&CK Matrix
Command and Control
    Credential Access
    Defense Evasion
    Execution
      Exfiltration
        Impact
          Initial Access
            Lateral Movement
              Privilege Escalation
                Tasks

                static1