tmp/c6dffc4e-7a0d-4cb0-9a3a-b3e327e0d1dd_1003.exe

General
Target

tmp/c6dffc4e-7a0d-4cb0-9a3a-b3e327e0d1dd_1003.exe

Size

930KB

Sample

211228-fte8jacadk

Score
10 /10
MD5

f216fec248b643e7def093cb7fdddb2c

SHA1

e13794371af188551bdd02e4d569d71b51fae2d3

SHA256

f3e9c213d0e32dc314919c6932b1924d7c97c82c5dcb846179436f75660381d1

SHA512

b1de56cd14f7a6cc708b46e7b764538abc78b8d309be6ee5c3923a6152cca044bf945f726c9922566ab793c57adc76f90dedb8bf5fd4a2f2a091c73fb6c062e6

Malware Config
Targets
Target

tmp/c6dffc4e-7a0d-4cb0-9a3a-b3e327e0d1dd_1003.exe

MD5

f216fec248b643e7def093cb7fdddb2c

Filesize

930KB

Score
10/10
SHA1

e13794371af188551bdd02e4d569d71b51fae2d3

SHA256

f3e9c213d0e32dc314919c6932b1924d7c97c82c5dcb846179436f75660381d1

SHA512

b1de56cd14f7a6cc708b46e7b764538abc78b8d309be6ee5c3923a6152cca044bf945f726c9922566ab793c57adc76f90dedb8bf5fd4a2f2a091c73fb6c062e6

Tags

Signatures

  • Detect Neshta Payload

  • Modifies system executable filetype association

    Tags

    TTPs

    Modify RegistryChange Default File Association
  • Neshta

    Description

    Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.

    Tags

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Description

    Infostealers often target stored browser data, which can include saved credentials etc.

    Tags

    TTPs

    Data from Local SystemCredentials in Files

Related Tasks

MITRE ATT&CK Matrix
Command and Control
    Credential Access
    Defense Evasion
    Execution
      Exfiltration
        Impact
          Initial Access
            Lateral Movement
              Privilege Escalation
                Tasks

                static1