tmp/43af84b9-9366-4084-a1b1-d74d4bc5d31f_1015.exe

General
Target

tmp/43af84b9-9366-4084-a1b1-d74d4bc5d31f_1015.exe

Size

971KB

Sample

211228-m32apadgc6

Score
10 /10
MD5

ae340c49fe80c252c79d4cd6ff796ba0

SHA1

96e1dc388300f396a47a2569654f64d5a0fca3e5

SHA256

d0735b001b2551f2f2fe2c82ca019cc262c982cda3a4625362d17f5311894c7b

SHA512

fdb894be585d1c3bc97c5f36e9b567e9e853e539bc6f6a9cc645d539dfb0527f736207aac8f7cc19983cfcfc1d3eb836ce6f99dc2dc82dffa4693a17b22a4027

Malware Config
Targets
Target

tmp/43af84b9-9366-4084-a1b1-d74d4bc5d31f_1015.exe

MD5

ae340c49fe80c252c79d4cd6ff796ba0

Filesize

971KB

Score
10/10
SHA1

96e1dc388300f396a47a2569654f64d5a0fca3e5

SHA256

d0735b001b2551f2f2fe2c82ca019cc262c982cda3a4625362d17f5311894c7b

SHA512

fdb894be585d1c3bc97c5f36e9b567e9e853e539bc6f6a9cc645d539dfb0527f736207aac8f7cc19983cfcfc1d3eb836ce6f99dc2dc82dffa4693a17b22a4027

Tags

Signatures

  • Detect Neshta Payload

  • Modifies system executable filetype association

    Tags

    TTPs

    Modify RegistryChange Default File Association
  • Neshta

    Description

    Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.

    Tags

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Description

    Infostealers often target stored browser data, which can include saved credentials etc.

    Tags

    TTPs

    Data from Local SystemCredentials in Files

Related Tasks

MITRE ATT&CK Matrix
Command and Control
    Credential Access
    Defense Evasion
    Execution
      Exfiltration
        Impact
          Initial Access
            Lateral Movement
              Privilege Escalation
                Tasks

                static1

                10/10