neshta | 4d8e5e85b3d49509eab8e7ffebad940147ed950fcddab60e8a13409dfc2b8fc5 | Triage

Submit
Reports

Overview

overview

Static

static

Petya.exe

windows7_x64

Resubmissions

28-05-2022 09:40

220528-lnm9vaggek 10

26-05-2022 13:49

220526-q4qr5abhh8 10

Sharing

General

Target

Petya.exe
Size

266KB
Sample

220526-q4qr5abhh8
MD5

505e38e344f45ea9ff9c9b560d851c1e
SHA1

c5e934de62fbbad105eef0ec1b533ca00aba05b0
SHA256

4d8e5e85b3d49509eab8e7ffebad940147ed950fcddab60e8a13409dfc2b8fc5
SHA512

6dcc186c7e71fbd104eb0c29777525e59c43aaa6a6e6a439ae2805e1f8d1589c200ce7b5cb622519b9ad8f4480615e8e980132b617e944c3017462a411898689

Score

10^/10

neshta bootkit persistence spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

Petya.exe

Resource

win7-20220414-en

neshta bootkit persistence spyware stealer

windows7_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  Petya.exe
- Size
  
  266KB
- MD5
  
  505e38e344f45ea9ff9c9b560d851c1e
- SHA1
  
  c5e934de62fbbad105eef0ec1b533ca00aba05b0
- SHA256
  
  4d8e5e85b3d49509eab8e7ffebad940147ed950fcddab60e8a13409dfc2b8fc5
- SHA512
  
  6dcc186c7e71fbd104eb0c29777525e59c43aaa6a6e6a439ae2805e1f8d1589c200ce7b5cb622519b9ad8f4480615e8e980132b617e944c3017462a411898689
Score

10^/10

neshta bootkit persistence spyware stealer
- Modifies system executable filetype association
  persistence
- Neshta
  Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
  persistence spyware neshta
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Change Default File Association

Bootkit

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

neshtabootkitpersistencespywarestealer

© 2018-2024

Terms | Privacy