General

  • Target

    80538b85799ad9efd53243df8d1e64125a05c92a58e830d074fa25cff39788c8

  • Size

    666KB

  • Sample

    240417-p4q78ahe5w

  • MD5

    f4f2ccfd54e17a22efb23a1508f68f6b

  • SHA1

    26dca9f28d46b99a4b580e503d7aad82f5dccf20

  • SHA256

    80538b85799ad9efd53243df8d1e64125a05c92a58e830d074fa25cff39788c8

  • SHA512

    6c135766fb4f33d38cf7fc9c33a2ffeef99a38901d95dce5f2b747c49bd1fae15fdbf54d9e7d2adef6d09311216ab87be5e88536331abca11e11072e7ec7c796

  • SSDEEP

    12288:d5UOdG8jSYO0zAfTS4Ytw+q/7wV04Ynz57K9AhzowYnzM5AHE:sO8aSkAG4YOeVvYntL/YnAcE

Targets

    • Target

      b17caccff755c664135937e36fdb567dbae543833983b6168bedbd827c99a9e1.exe

    • Size

      714KB

    • MD5

      0f856264b3897d63e400a1ec6acd22dd

    • SHA1

      80854d99b3594ba36a1c7cfa5714438bc443cb57

    • SHA256

      b17caccff755c664135937e36fdb567dbae543833983b6168bedbd827c99a9e1

    • SHA512

      b54310bc73460c8242eedffdbf3055802a14b46608b52a2eb212c71112a03be3c6989a4edf225a48e0fb497d64b4a933e6a14b4f138c1481eeb34cbb0723310b

    • SSDEEP

      12288:kskRa5Wdqw2whDsM/xi8STi5zAJtxOqub4TSdQlol83NuDbT3y1PvWZNFx8RedyX:k/jj2EDsQxihiZAgquMtKl830rCeNc8+

    • Detect Neshta payload

    • Neshta

      Neshta is a file infector: it inserts its own code into other executable files so that each infected file spreads the infection further when run, damaging the host files in the process.

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence check so the sample can change behaviour or exit based on the victim's location.

    • Loads dropped DLL

    • Modifies system executable filetype association

    • Reads user/profile data of web browsers

      Infostealers commonly target stored browser data, which can include saved credentials, cookies and other sensitive data.

    • Suspicious use of SetThreadContext
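
The three registry- and file-based signatures above (location lookup, executable file-association change, browser profile access) can be reproduced as simple rules over a sandbox event trace. The following is an added example, not code from the original report or from any sandbox product: it uses a constructed, simplified event format (tab-separated operation, path, data) and constructed sample events, and the hijacking command path in SAMPLE_EVENTS is a placeholder rather than anything observed for this sample. The registry locations it matches are the standard Windows ones (HKCU\Control Panel\International\Geo\Nation for the configured location, exefile\shell\open\command for the .exe association, whose clean default is `"%1" %*`).

```python
"""Rule-based triage of sandbox events for the behaviours listed above.

Added example, not part of the original report or of any sandbox product.
The event format is a constructed, simplified one (three tab-separated
fields: operation, path, data) standing in for whatever a sandbox exports;
SAMPLE_EVENTS below is constructed too and does not reproduce the sample's
actual activity.
"""
import re
from collections import Counter
from dataclasses import dataclass

# Default open command for .exe files on a clean Windows install.
DEFAULT_EXE_COMMAND = '"%1" %*'

# HKCU\Control Panel\International\Geo\Nation holds the configured GeoID.
GEO_NATION = re.compile(r"\\international\\geo\\nation$", re.I)
# Matches HKCR\exefile\... and its HKLM\SOFTWARE\Classes\exefile\... backing key.
EXEFILE_CMD = re.compile(r"\\exefile\\shell\\open\\command$", re.I)
# Common browser credential/cookie stores (Chromium and Firefox file names).
BROWSER_DATA = re.compile(r"\\(login data|cookies|web data|logins\.json|key4\.db)$", re.I)

REG_READ = {"REGQUERYVALUE", "REGREAD"}
REG_WRITE = {"REGSETVALUE", "REGWRITE"}
FILE_READ = {"READFILE", "OPENFILE", "CREATEFILE"}


@dataclass(frozen=True)
class Finding:
    signature: str   # name as it appears in the report above
    technique: str   # ATT&CK technique ID
    evidence: str    # the path (and data) that triggered it


def parse_event(line):
    """Split one constructed event line; returns (op, path, data) or None."""
    parts = line.rstrip("\r\n").split("\t", 2)
    if len(parts) < 2 or not parts[1].strip():
        return None
    op = parts[0].strip().upper()
    path = parts[1].strip()
    data = parts[2].strip() if len(parts) == 3 else ""
    return op, path, data


def analyze(lines):
    """Return the list of Findings raised by the event lines, in order."""
    findings = []
    for line in lines:
        event = parse_event(line)
        if event is None:
            continue
        op, path, data = event
        if op in REG_READ and GEO_NATION.search(path):
            findings.append(Finding("Checks computer location settings", "T1012", path))
        elif op in REG_WRITE and EXEFILE_CMD.search(path):
            # Only a change away from the default is interesting; writing the
            # default back (e.g. by a cleaner) must not fire.
            if data != DEFAULT_EXE_COMMAND:
                findings.append(Finding("Modifies system executable filetype association",
                                        "T1546.001", f"{path} = {data}"))
        elif op in FILE_READ and BROWSER_DATA.search(path):
            findings.append(Finding("Reads user/profile data of web browsers",
                                    "T1552.001", path))
    return findings


def technique_counts(findings):
    """Count findings per ATT&CK technique, like the matrix in the report."""
    return dict(Counter(f.technique for f in findings))


# Constructed events; the hijacking command path is a placeholder, not
# something observed for this sample.
SAMPLE_EVENTS = [
    "RegQueryValue\tHKCU\\Control Panel\\International\\Geo\\Nation\t244",
    "RegSetValue\tHKLM\\SOFTWARE\\Classes\\exefile\\shell\\open\\command"
    "\tC:\\Users\\Public\\loader.exe \"%1\" %*",
    "ReadFile\tC:\\Users\\victim\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data",
    "RegSetValue\tHKCR\\exefile\\shell\\open\\command\t\"%1\" %*",
    "RegQueryValue\tHKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProductName\tWindows 10 Pro",
]

if __name__ == "__main__":
    results = analyze(SAMPLE_EVENTS)
    for f in results:
        print(f"[{f.technique}] {f.signature}: {f.evidence}")
    print(technique_counts(results))
```

Note the fourth sample event: a write that sets the exefile command back to the clean default `"%1" %*` is deliberately not reported, so a rule like this will not fire on remediation or on an installer that rewrites the default value.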

MITRE ATT&CK Matrix (ATT&CK v13)

Tactic                Technique                          ID          Count
--------------------  ---------------------------------  ----------  -----
Persistence           Event Triggered Execution          T1546       1
                        Change Default File Association  T1546.001   1
Privilege Escalation  Event Triggered Execution          T1546       1
                        Change Default File Association  T1546.001   1
Defense Evasion       Modify Registry                    T1112       1
Credential Access     Unsecured Credentials              T1552       1
                        Credentials In Files             T1552.001   1
Discovery             Query Registry                     T1012       1
                      System Information Discovery       T1082       2
Collection            Data from Local System             T1005       1