b478f1b81364b8498b6ee8779593f2e2b41fa987261abf359c2e1daefbb7a2b4

General

Target: b478f1b81364b8498b6ee8779593f2e2b41fa987261abf359c2e1daefbb7a2b4
Size: 208KB
Sample: 220122-bbfn5afgh4
Score: 10/10
MD5: efa3b342a50f336062d2bd7f06103965
SHA1: d2cd5c11dfcec8b8d642b53a7fe8203dcae09bd6
SHA256: b478f1b81364b8498b6ee8779593f2e2b41fa987261abf359c2e1daefbb7a2b4
SHA512: 477fbc42737960b986557901f93054b1bfbc2d049fbd36294d83b880c6d3cc033a3c0fa94953359fedf8e068be14ad6fb1aca76870c6e7c776e056c321c751d7


Signatures

  • Modifies system executable filetype association
    TTPs: Modify Registry; Change Default File Association
  • Neshta
    Description: Malware from the Neshta family inserts itself into other executable files in order to spread and cause damage.
  • Drops file in Drivers directory
  • Executes dropped EXE
  • UPX packed file
    Description: Detects executables packed with UPX or a modified build of the UPX open source packer.
  • Loads dropped DLL
  • Reads user/profile data of web browsers
    Description: Infostealers often target stored browser data, which can include saved credentials and similar profile data.
    TTPs: Data from Local System; Credentials in Files
  • Adds Run key to start application
    TTPs: Registry Run Keys / Startup Folder; Modify Registry
  • Suspicious use of SetThreadContext

Related Tasks

MITRE ATT&CK Matrix

  • Command and Control
  • Credential Access
  • Defense Evasion
  • Execution
  • Exfiltration
  • Impact
  • Initial Access
  • Lateral Movement
  • Privilege Escalation

Tasks

  • static1: 10/10