General

  • Target: e9bfbb18b5cfc7e36f60951bc79676a9a3e3ea2b01172afcf9b8d23c5fa8b884
  • Size: 40KB
  • Sample: 240421-esystaag64
  • MD5: 1216663e4975ef42125f625bfa982a94
  • SHA1: f6a074cd84f655f1f749bda266e0f72016ae53a9
  • SHA256: e9bfbb18b5cfc7e36f60951bc79676a9a3e3ea2b01172afcf9b8d23c5fa8b884
  • SHA512: ff2647bdf9fbff68c1c56ce956a62f311e24222955684037b9d718638328a1510b5247f5d4561528d60e0105f1ee53c27a6c1ab403bd9099df871e7fa2f8df76
  • SSDEEP: 768:HyxqjQl/EMQt4Oei7RwsHxyP7nbxzOQdJU:SxqjQ+P04wsmJC

Malware Config

Targets


    • Detect Neshta payload

    • Neshta

      Neshta is a file infector: malware from this family injects itself into other executables to spread and cause damage.

    • Loads dropped DLL

    • Modifies system executable filetype association

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

MITRE ATT&CK Matrix (ATT&CK v13)

  Tactic                Technique                          Count  ID
  Persistence           Event Triggered Execution          1      T1546
  Persistence           Change Default File Association    1      T1546.001
  Privilege Escalation  Event Triggered Execution          1      T1546
  Privilege Escalation  Change Default File Association    1      T1546.001
  Defense Evasion       Modify Registry                    1      T1112
  Credential Access     Unsecured Credentials              1      T1552
  Credential Access     Credentials In Files               1      T1552.001
  Collection            Data from Local System             1      T1005

Tasks