General

  • Target: 3cd17165afef7bc37fbed16744766fa85cf63aa8d8e85f7d9977c82f5359b343
  • Size: 141KB
  • Sample: 240418-zp6pgaef46
  • MD5: be83415923b898d5f868e1a1188cf034
  • SHA1: 9406f93776ba8121933ed81c981689232132897c
  • SHA256: 3cd17165afef7bc37fbed16744766fa85cf63aa8d8e85f7d9977c82f5359b343
  • SHA512: 3d088600f4ef4389d13decb6c919932092bd70456f2da8f8cf948cdfc7dc0286801a608e19915f0db70b80bc3c122cf24f8a98f406ee128a3b0d7446d2a171a5
  • SSDEEP: 3072:zr8WDrCkRD5b+AZ7y4jem7y6tqNRCywDw1DiJkuKUY:PuGD5lZ7y4j9cT4DteUY

Malware Config

Targets

    • Target: 3cd17165afef7bc37fbed16744766fa85cf63aa8d8e85f7d9977c82f5359b343 (hashes as listed under General above)

    • Neshta: malware from the Neshta family is a file infector; it inserts its own code into other executable files to spread and cause damage.
    • Checks computer location settings: looks up the country code configured in the registry, likely to geofence execution.
    • Executes dropped EXE
    • Loads dropped DLL
    • Modifies system executable filetype association
    • Reads user/profile data of web browsers: infostealers often target stored browser data, which can include saved credentials and other sensitive information.

MITRE ATT&CK Matrix (ATT&CK v13)

Tactic, then technique (ID): count

Persistence
  • Event Triggered Execution (T1546): 1
    • Change Default File Association (T1546.001): 1

Privilege Escalation
  • Event Triggered Execution (T1546): 1
    • Change Default File Association (T1546.001): 1

Defense Evasion
  • Modify Registry (T1112): 1

Credential Access
  • Unsecured Credentials (T1552): 1
    • Credentials In Files (T1552.001): 1

Discovery
  • Query Registry (T1012): 1
  • System Information Discovery (T1082): 2

Collection
  • Data from Local System (T1005): 1

Tasks