General

  • Target

    cf13f8579b12563e300d702bcbd0d2a3a1254944d754faead5fcb1022252a373

  • Size

    146KB

  • Sample

    240419-dpgjpaga8w

  • MD5

    1f8b0169f3f500cff0f99bf253282c2a

  • SHA1

    e2ccaffdc249d737fa2b10729a43189a5c044d62

  • SHA256

    cf13f8579b12563e300d702bcbd0d2a3a1254944d754faead5fcb1022252a373

  • SHA512

    0f4fb4da5baf676b9d9cb02c6bf2b0316e38ba9519844963e5c275820e5ad3dda1bb82d7ee28d205e70f4ceb17c54cea307997d434b75e26c716bbee8b56bca6

  • SSDEEP

    3072:sr85CkkbAYn2GgYlBYN2fHYTo+Edt8wDSRUTT:k9xbAMpgY3gTI8DRUTT

Malware Config

Targets

    • Target

      cf13f8579b12563e300d702bcbd0d2a3a1254944d754faead5fcb1022252a373

    • Size

      146KB

    • MD5

      1f8b0169f3f500cff0f99bf253282c2a

    • SHA1

      e2ccaffdc249d737fa2b10729a43189a5c044d62

    • SHA256

      cf13f8579b12563e300d702bcbd0d2a3a1254944d754faead5fcb1022252a373

    • SHA512

      0f4fb4da5baf676b9d9cb02c6bf2b0316e38ba9519844963e5c275820e5ad3dda1bb82d7ee28d205e70f4ceb17c54cea307997d434b75e26c716bbee8b56bca6

    • SSDEEP

      3072:sr85CkkbAYn2GgYlBYN2fHYTo+Edt8wDSRUTT:k9xbAMpgY3gTI8DRUTT

    • Detect Neshta payload

    • Neshta

      Neshta is a file-infecting virus: it injects its own code into other executable files in order to spread and to damage them.

    • Checks computer location settings

      Looks up the country code configured in the registry; this is most likely a geofence check that decides whether to run based on the victim's locale.

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies system executable filetype association

    • Reads user/profile data of web browsers

      Info-stealers commonly read stored browser profile data, which can include saved credentials, cookies and form history.
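The "Modifies system executable filetype association" signature above is the behaviour ATT&CK catalogues as T1546.001: the handler command for the exefile class (HKEY_CLASSES_ROOT\exefile\shell\open\command, whose stock value is "%1" %*) is changed so that an attacker-chosen program runs every time any .exe is launched. The helper below is an added example written for this page, not code from the sandbox or from the sample: it classifies an exefile open command as clean, hijacked or unexpected, extracts the interposed handler, and on Windows can read the live value via winreg. The sample command strings are constructed; the svchost.com handler name is the launcher file name described in public Neshta write-ups and is an assumption here, not something this report states.

```python
"""Classify the Windows 'exefile' open-command association (ATT&CK T1546.001).

Stock value of HKEY_CLASSES_ROOT\\exefile\\shell\\open\\command is  "%1" %*
A hijack interposes another program before "%1" so it runs on every .exe launch.
"""
import re
import sys

# Stock value of the exefile open command on a clean Windows install.
DEFAULT_EXEFILE_COMMAND = '"%1" %*'

# Handler file names to flag. 'svchost.com' is the launcher name given in public
# Neshta write-ups; it is an assumption for this example, not a fact from the report.
SUSPICIOUS_HANDLER_NAMES = {"svchost.com"}

# Constructed sample values for offline testing (not taken from the analysed sample).
SAMPLE_COMMANDS = {
    "stock": '"%1" %*',
    "neshta_style": r'%SystemRoot%\svchost.com "%1" %*',
    "other_hijack": r'"C:\Users\Public\loader.exe" "%1" %*',
    "trimmed": '"%1"',
}


def _normalise(cmd: str) -> str:
    """Collapse whitespace so cosmetic differences do not defeat the comparison."""
    return " ".join(cmd.strip().split())


def split_handler(cmd: str):
    """Return (handler, rest): the program run before "%1", and what follows it.

    The handler may be quoted (paths with spaces) or bare (e.g. %SystemRoot%\\x.com).
    Returns (None, cmd) when the command starts directly with %1, i.e. nothing is
    interposed in front of the real target.
    """
    cmd = _normalise(cmd)
    if cmd.startswith('"%1"') or cmd.startswith("%1"):
        return None, cmd
    m = re.match(r'^"([^"]+)"\s*(.*)$', cmd) or re.match(r'^(\S+)\s*(.*)$', cmd)
    return m.group(1), m.group(2)


def classify_exefile_command(cmd: str) -> dict:
    """Classify an exefile open command.

    verdict: 'clean'      - exactly the stock value
             'hijacked'   - another program is run before the real target
             'unexpected' - no interposed program, but arguments differ from stock
    known_indicator: handler file name is in SUSPICIOUS_HANDLER_NAMES
    passes_target_through: the original target (%1) is still launched afterwards,
                           the transparent hijack a file infector wants
    """
    norm = _normalise(cmd)
    if norm.lower() == DEFAULT_EXEFILE_COMMAND.lower():
        return {"verdict": "clean", "handler": None,
                "known_indicator": False, "passes_target_through": True}
    handler, rest = split_handler(norm)
    if handler is None:
        return {"verdict": "unexpected", "handler": None,
                "known_indicator": False, "passes_target_through": True}
    name = handler.replace("/", "\\").rsplit("\\", 1)[-1].lower()
    return {
        "verdict": "hijacked",
        "handler": handler,
        "known_indicator": name in SUSPICIOUS_HANDLER_NAMES,
        "passes_target_through": "%1" in rest,
    }


def read_live_exefile_command():
    """Read the live association on Windows; returns None on other platforms."""
    if sys.platform != "win32":
        return None
    import winreg  # Windows-only standard-library module
    with winreg.OpenKey(winreg.HKEY_CLASSES_ROOT, r"exefile\shell\open\command") as key:
        value, _ = winreg.QueryValueEx(key, "")  # "" selects the (Default) value
    return value


if __name__ == "__main__":
    for label, cmd in SAMPLE_COMMANDS.items():
        print(f"{label:13s} {classify_exefile_command(cmd)}")
    live = read_live_exefile_command()
    if live is not None:
        print(f"{'live':13s} {classify_exefile_command(live)}")
```

On an infected host the live value reports verdict 'hijacked' with the dropped launcher as handler; a verdict of 'unexpected' is not malicious by itself (some installers rewrite the value) but is worth a look. Restoring the stock value alone is not a clean-up, since a file infector also modifies the executables themselves.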

MITRE ATT&CK Matrix (ATT&CK v13)

Each tactic lists the techniques observed, with the ATT&CK ID and the count of matching signatures.

  • Persistence

    Event Triggered Execution (T1546): 1
      Change Default File Association (T1546.001): 1

  • Privilege Escalation

    Event Triggered Execution (T1546): 1
      Change Default File Association (T1546.001): 1

  • Defense Evasion

    Modify Registry (T1112): 1

  • Credential Access

    Unsecured Credentials (T1552): 1
      Credentials In Files (T1552.001): 1

  • Discovery

    Query Registry (T1012): 1
    System Information Discovery (T1082): 2

  • Collection

    Data from Local System (T1005): 1

Tasks