neshta | d53e6eb20d40a10c81e23bd9d6c9ebdf6da3c4620583028def3c517f1db09902 | Triage

Submit
Reports

Overview

overview

Static

static

d53e6eb20d...02.exe

windows7_x64

d53e6eb20d...02.exe

windows10_x64

Sharing

General

Target

d53e6eb20d40a10c81e23bd9d6c9ebdf6da3c4620583028def3c517f1db09902
Size

388KB
Sample

220124-bbfzwshbc3
MD5

573ba3a6bd1ed5e08607edd87abf179c
SHA1

7c9f4fea91a14701a3e5cb2f851c3dff34fb5ff2
SHA256

d53e6eb20d40a10c81e23bd9d6c9ebdf6da3c4620583028def3c517f1db09902
SHA512

98a634a88e9a27ff0807b93a5c38d57554ea71f7b66602e707cbc8bfb4d6af794895d072f10e55f5d51e401be07ab3c62fbd38eeda6b3e64c843e9e0f08a0f35

Score

10^/10

neshta sodinokibi persistence ransomware spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

d53e6eb20d40a10c81e23bd9d6c9ebdf6da3c4620583028def3c517f1db09902.exe

Resource

win7-en-20211208

neshta sodinokibi persistence ransomware spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

d53e6eb20d40a10c81e23bd9d6c9ebdf6da3c4620583028def3c517f1db09902.exe

Resource

win10-en-20211208

neshta sodinokibi persistence ransomware spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  d53e6eb20d40a10c81e23bd9d6c9ebdf6da3c4620583028def3c517f1db09902
- Size
  
  388KB
- MD5
  
  573ba3a6bd1ed5e08607edd87abf179c
- SHA1
  
  7c9f4fea91a14701a3e5cb2f851c3dff34fb5ff2
- SHA256
  
  d53e6eb20d40a10c81e23bd9d6c9ebdf6da3c4620583028def3c517f1db09902
- SHA512
  
  98a634a88e9a27ff0807b93a5c38d57554ea71f7b66602e707cbc8bfb4d6af794895d072f10e55f5d51e401be07ab3c62fbd38eeda6b3e64c843e9e0f08a0f35
Score

10^/10

neshta sodinokibi persistence ransomware spyware stealer
- Detect Neshta Payload
- Modifies system executable filetype association
  persistence
- Neshta
  Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
  persistence spyware neshta
- Sodin,Sodinokibi,REvil
  Ransomware with advanced anti-analysis and privilege escalation functionality.
  ransomware sodinokibi
- Sodinokibi/Revil sample
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Change Default File Association

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

neshtasodinokibipersistenceransomwarespywarestealer

behavioral2

neshtasodinokibipersistenceransomwarespywarestealer

© 2018-2024

Terms | Privacy