tmp/44281f6f-da9d-409d-b3d5-f6214f797be4_1004.exe

General
Target

tmp/44281f6f-da9d-409d-b3d5-f6214f797be4_1004.exe

Size

2MB

Sample

211228-ftqz2acadn

Score

10/10

MD5

606adb006089363b2be9638a921fdbb5

SHA1

7c423f710d6cf5a499fc7ccd8bc3ea4d2c8914ad

SHA256

c932b542b49acba2270fd3cea64bb7151f2878fc388816261fea1d7e6a0eb821

SHA512

87442c663b6eeaffad842a12f1c08b2ed8b76749443c734a9cef30175a97dff80a77f1a553a6312853df16f728dbd629baa4c9868393e5e6e4e60f4e1b4575d4

Signatures

  • Detect Neshta Payload

  • Modifies system executable filetype association

    TTPs

    Modify Registry, Change Default File Association
  • Neshta

    Description

    Malware from the Neshta family is designed to infect other files in order to spread itself and cause damage.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Description

    Infostealers often target stored browser data, which can include saved credentials etc.

    TTPs

    Data from Local System, Credentials in Files

Related Tasks

MITRE ATT&CK Matrix

  • Command and Control
  • Credential Access
  • Defense Evasion
  • Execution
  • Exfiltration
  • Impact
  • Initial Access
  • Lateral Movement
  • Privilege Escalation

Tasks

static1

10/10