tmp/43af84b9-9366-4084-a1b1-d74d4bc5d31f_1015.exe

Target

tmp/43af84b9-9366-4084-a1b1-d74d4bc5d31f_1015.exe

Size

971KB

Sample

211228-m32apadgc6

Score

10 ^/10

MD5

ae340c49fe80c252c79d4cd6ff796ba0

SHA1

96e1dc388300f396a47a2569654f64d5a0fca3e5

SHA256

d0735b001b2551f2f2fe2c82ca019cc262c982cda3a4625362d17f5311894c7b

SHA512

fdb894be585d1c3bc97c5f36e9b567e9e853e539bc6f6a9cc645d539dfb0527f736207aac8f7cc19983cfcfc1d3eb836ce6f99dc2dc82dffa4693a17b22a4027

neshta persistence spyware stealer

Target

tmp/43af84b9-9366-4084-a1b1-d74d4bc5d31f_1015.exe

MD5

ae340c49fe80c252c79d4cd6ff796ba0

Filesize

971KB

Score

10^/10

SHA1

96e1dc388300f396a47a2569654f64d5a0fca3e5

SHA256

d0735b001b2551f2f2fe2c82ca019cc262c982cda3a4625362d17f5311894c7b

SHA512

fdb894be585d1c3bc97c5f36e9b567e9e853e539bc6f6a9cc645d539dfb0527f736207aac8f7cc19983cfcfc1d3eb836ce6f99dc2dc82dffa4693a17b22a4027

Tags

neshta persistence spyware stealer

Signatures

Detect Neshta Payload
Modifies system executable filetype association
Tags

persistence

TTPs

Modify RegistryChange Default File Association
Neshta
Description

Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
Tags

persistence spyware neshta
Executes dropped EXE
Loads dropped DLL
Reads user/profile data of web browsers
Description

Infostealers often target stored browser data, which can include saved credentials etc.
Tags

spyware stealer

TTPs

Data from Local SystemCredentials in Files

Related Tasks

behavioral1 behavioral2

Collection

Data from Local System

Command and Control

Credential Access

Credentials in Files

Defense Evasion

Modify Registry

Discovery

System Information Discovery

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Change Default File Association

Privilege Escalation

static1

10^/10

behavioral1

neshta persistence spyware stealer

10^/10

behavioral2

neshta persistence spyware stealer

10^/10