General
Target

tmp/a1662be5-74e9-4a9b-9662-ca7666ba82c8_1002.exe

Size

2MB

Sample

211228-frs2lscacq

Score
10/10
MD5

b99e52186d2c0f482592184c034a5b42

SHA1

4b3148537c594400283cdbcbb01cad18887cd745

SHA256

3ae96468f8fd491e673fd862d5926da87b33cea066038910b29ed3d493f5e9f3

SHA512

e3df8ba7327e2cd0d0fe064ac2ff95b7ff2a34aa2cf39f2822973827bc06205b8fb2b1246bbce9393ffcfa3e8545634d10a6256feea20b8341a9be5be6d7bf34

Malware Config
Targets
Target

tmp/a1662be5-74e9-4a9b-9662-ca7666ba82c8_1002.exe

MD5

b99e52186d2c0f482592184c034a5b42

Filesize

2MB

Score
10/10
SHA1

4b3148537c594400283cdbcbb01cad18887cd745

SHA256

3ae96468f8fd491e673fd862d5926da87b33cea066038910b29ed3d493f5e9f3

SHA512

e3df8ba7327e2cd0d0fe064ac2ff95b7ff2a34aa2cf39f2822973827bc06205b8fb2b1246bbce9393ffcfa3e8545634d10a6256feea20b8341a9be5be6d7bf34

Tags

Signatures

  • Detect Neshta Payload

  • Modifies system executable filetype association

    Tags

    TTPs

    Modify RegistryChange Default File Association
  • Neshta

    Description

    Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.

    Tags

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Description

    Infostealers often target stored browser data, which can include saved credentials etc.

    Tags

    TTPs

    Data from Local SystemCredentials in Files

Related Tasks

MITRE ATT&CK Matrix
Command and Control
    Credential Access
    Defense Evasion
    Execution
      Exfiltration
        Impact
          Initial Access
            Lateral Movement
              Privilege Escalation
                Tasks

                static1

                Score
                N/A

                behavioral1

                Score
                10/10

                behavioral2

                Score
                10/10