Overview

overview

10

Static

static

10

bafcc6ae8e...66.exe

windows7-x64

10

bafcc6ae8e...66.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    bafcc6ae8ea3ff90bc6faa53369e4677780890cbfb6e6a8582921e855ee7a566

  • Size

    1.0MB

  • Sample

    240419-cqj6jaea34

  • MD5

    b47ee9163912ebe95ce9c13f08a5b9ae

  • SHA1

    e59ec30c2f53a48ab75c6af0bbbeb7d66940374a

  • SHA256

    bafcc6ae8ea3ff90bc6faa53369e4677780890cbfb6e6a8582921e855ee7a566

  • SHA512

    fcedae8efd2e1fedd0c7491d3b749a852332a76243957d503526f51ef4d0c10adb3ec94aeaf452836e958e6a9c642066007b070c4f594f44c541eb09a4ffddc3

  • SSDEEP

    24576:I4394Ezbn4394Ezb/soUrXxmR4394Ezb:I4394Evn4394Ev/soCO4394Ev

Score
10/10
neshtapersistencespywarestealer

Malware Config

Targets

    • Target

      bafcc6ae8ea3ff90bc6faa53369e4677780890cbfb6e6a8582921e855ee7a566

    • Size

      1.0MB

    • MD5

      b47ee9163912ebe95ce9c13f08a5b9ae

    • SHA1

      e59ec30c2f53a48ab75c6af0bbbeb7d66940374a

    • SHA256

      bafcc6ae8ea3ff90bc6faa53369e4677780890cbfb6e6a8582921e855ee7a566

    • SHA512

      fcedae8efd2e1fedd0c7491d3b749a852332a76243957d503526f51ef4d0c10adb3ec94aeaf452836e958e6a9c642066007b070c4f594f44c541eb09a4ffddc3

    • SSDEEP

      24576:I4394Ezbn4394Ezb/soUrXxmR4394Ezb:I4394Evn4394Ev/soCO4394Ev

    Score
    10/10
    neshtapersistencespywarestealer

    • Detect Neshta payload

    • Neshta

      Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.

      persistencespywareneshta

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Modifies system executable filetype association

      persistence

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Event Triggered Execution

1
T1546

Change Default File Association

1
T1546.001

Privilege Escalation

Event Triggered Execution

1
T1546

Change Default File Association

1
T1546.001

Defense Evasion

Modify Registry

1
T1112

Credential Access

Unsecured Credentials

1
T1552

Credentials In Files

1
T1552.001

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks