General

  • Target

    234513dc02d0cd4c655140de663de6ec2d41400b861b97d2e8c447fd3e0e5f0b

  • Size

    642KB

  • Sample

    220205-nrah9sbbfl

  • MD5

    6e0512d2d80bb975459b61c95063b31f

  • SHA1

    234fe5699f640011eafef4291d4b9d0ebf87a5b1

  • SHA256

    234513dc02d0cd4c655140de663de6ec2d41400b861b97d2e8c447fd3e0e5f0b

  • SHA512

    7578e67369223a09f550f694383e119a3e267c169dace22af67a1e5e4edb6919acbf828a1643a8f5e135a0e2684efe1f692088a38b42c276e7c2ea7cb9c49135

Malware Config

Targets

    • Target

      FRITSCH052021.exe

    • Size

      910KB

    • MD5

      bfa87eb40dde541955947bcfcd074abc

    • SHA1

      3a84ccbe6732100c0ed7ed57885c4d256ad66960

    • SHA256

      f40d44f8bf9784e030121e7540a0680f6a0156f1b1fcbe000adbae0d41322817

    • SHA512

      ae2eea9cae1f8a676d664ce599f0866c61ceb5e0defc180c3088ee39b0e12f63485063f4daadf94db60bcc6f0f82a8896c1b136f6b81e521ab05163b7d8c34ce

    • Detect Neshta Payload

    • Modifies system executable filetype association

    • Neshta

      Malware from the Neshta family spreads by inserting itself into other files, infecting them and causing damage.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks