Overview

overview

10

Static

static

tmp/a1662b...02.exe

windows7_x64

10

tmp/a1662b...02.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    tmp/a1662be5-74e9-4a9b-9662-ca7666ba82c8_1002.exe

  • Size

    2.7MB

  • Sample

    211228-frs2lscacq

  • MD5

    b99e52186d2c0f482592184c034a5b42

  • SHA1

    4b3148537c594400283cdbcbb01cad18887cd745

  • SHA256

    3ae96468f8fd491e673fd862d5926da87b33cea066038910b29ed3d493f5e9f3

  • SHA512

    e3df8ba7327e2cd0d0fe064ac2ff95b7ff2a34aa2cf39f2822973827bc06205b8fb2b1246bbce9393ffcfa3e8545634d10a6256feea20b8341a9be5be6d7bf34

Score
10/10
neshtapersistencespywarestealer

Malware Config

Targets

    • Target

      tmp/a1662be5-74e9-4a9b-9662-ca7666ba82c8_1002.exe

    • Size

      2.7MB

    • MD5

      b99e52186d2c0f482592184c034a5b42

    • SHA1

      4b3148537c594400283cdbcbb01cad18887cd745

    • SHA256

      3ae96468f8fd491e673fd862d5926da87b33cea066038910b29ed3d493f5e9f3

    • SHA512

      e3df8ba7327e2cd0d0fe064ac2ff95b7ff2a34aa2cf39f2822973827bc06205b8fb2b1246bbce9393ffcfa3e8545634d10a6256feea20b8341a9be5be6d7bf34

    Score
    10/10
    neshtapersistencespywarestealer

    • Detect Neshta Payload

    • Modifies system executable filetype association

      persistence

    • Neshta

      Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.

      persistencespywareneshta

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Change Default File Association

1
T1042

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Credentials in Files

1
T1081

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Tasks