88fba2ddc7394cdf2fdc073a969aebe11e20bf8844d486f04c5a22818716b611

Target

88fba2ddc7394cdf2fdc073a969aebe11e20bf8844d486f04c5a22818716b611

Size

286KB

Sample

220124-b2z6fshfcr

Score

10 ^/10

MD5

3fcdb9dd3a2aaba8fb7e9cfe3c5d4523

SHA1

f952a62775f4d0781a4595c1fb4b48161f569744

SHA256

88fba2ddc7394cdf2fdc073a969aebe11e20bf8844d486f04c5a22818716b611

SHA512

c6c21246d6d95f8c845caa599529b32e127eebf2917ba54a02a8f966c277adfd82fe041a68daa42b04c2bf918fa4a9d6f453d8d264548a859692a01d4327bc29

neshta sodinokibi persistence spyware stealer

Target

88fba2ddc7394cdf2fdc073a969aebe11e20bf8844d486f04c5a22818716b611

MD5

3fcdb9dd3a2aaba8fb7e9cfe3c5d4523

Filesize

286KB

Score

10^/10

SHA1

f952a62775f4d0781a4595c1fb4b48161f569744

SHA256

88fba2ddc7394cdf2fdc073a969aebe11e20bf8844d486f04c5a22818716b611

SHA512

c6c21246d6d95f8c845caa599529b32e127eebf2917ba54a02a8f966c277adfd82fe041a68daa42b04c2bf918fa4a9d6f453d8d264548a859692a01d4327bc29

Tags

neshta persistence spyware stealer

Signatures

Modifies system executable filetype association
Tags

persistence

TTPs

Modify RegistryChange Default File Association
Neshta
Description

Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
Tags

persistence spyware neshta
Loads dropped DLL
Reads user/profile data of web browsers
Description

Infostealers often target stored browser data, which can include saved credentials etc.
Tags

spyware stealer

TTPs

Data from Local SystemCredentials in Files

Related Tasks

behavioral1 behavioral2

Collection

Data from Local System

Command and Control

Credential Access

Credentials in Files

Defense Evasion

Modify Registry

Discovery

System Information Discovery

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Change Default File Association

Privilege Escalation

static1

neshta sodinokibi

10^/10

behavioral1

neshta persistence spyware stealer

10^/10

behavioral2

neshta persistence spyware stealer

10^/10