Overview

overview

10

Static

static

10

e0faff582c...45.exe

windows7_x64

10

e0faff582c...45.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    5542375112474624.zip

  • Size

    168KB

  • Sample

    220124-s9j8msfdhj

  • MD5

    54a1987bac8d38340a1a3e86e1a180e7

  • SHA1

    12b3e892dc13dd9bc2a4a9893f4ee47414cf6820

  • SHA256

    79e44db9cbf7207bee57d835115332fafef4f38c0f9a888023dfd35bca50e814

  • SHA512

    a34dfe79ef84972bd37cd357accf11a6daf8359afe201fd9d82e7cf27f50f2239913a0e74647a0dc6a78de19d4a6d8eafb2060398a17382ab0e1e3bffe015639

Score
10/10
neshtapersistencespywarestealer

Malware Config

Targets

    • Target

      e0faff582c7899de21175b45d58ffffcd96cbf3c0130bace8bea1500d69fc745

    • Size

      299KB

    • MD5

      066b95391597221c54db58434089fee1

    • SHA1

      8879cbae7682e83bb5a8296e58de8a8f9c08e7ce

    • SHA256

      e0faff582c7899de21175b45d58ffffcd96cbf3c0130bace8bea1500d69fc745

    • SHA512

      949e9df1b713b1ebd0bc83d4786e77036c93116a91d359aed6cbcf184c4f0a6396b98bb34beb0839e51345fec54c01b6de06d49358a85daffeb8e551ee73caf6

    Score
    10/10
    neshtapersistencespywarestealer

    • Modifies system executable filetype association

      persistence

    • Neshta

      Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.

      persistencespywareneshta

    • Drops file in Drivers directory

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks