General

  • Target

    svchost.com

  • Size

    40KB

  • Sample

    240430-235ensaa3x

  • MD5

    0e4ee2a9b3ec486931a0338c69737a8e

  • SHA1

    265b5d6121ccd338583d12180bd6048cf0437afd

  • SHA256

    61bc5392dcbed2c34debb54bd4f1ad4cdc3c78039b8acbabc500ab6c4316d3a7

  • SHA512

    1c021177adcdd50d3b829a3e6378f29bab15dae45bf424513f2849c45f8461eedee9bb59bf711edd46bcb83513b30fb6100352cea99204dc2e64e1b7d4ffeb37

  • SSDEEP

    768:eyxqjQl/EMQt4Oei7RwsHxyP7nbxzOQdJa:JxqjQ+P04wsmJCB

Malware Config

Targets

    • Detect Neshta payload

    • Neshta

      Malware from the Neshta family infects other executable files in order to spread and cause damage.

    • Modifies system executable filetype association

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

MITRE ATT&CK Matrix (ATT&CK v13)

  • Persistence

    Event Triggered Execution: T1546 (1)
    Change Default File Association: T1546.001 (1)

  • Privilege Escalation

    Event Triggered Execution: T1546 (1)
    Change Default File Association: T1546.001 (1)

  • Defense Evasion

    Modify Registry: T1112 (1)

  • Credential Access

    Unsecured Credentials: T1552 (1)
    Credentials In Files: T1552.001 (1)

  • Collection

    Data from Local System: T1005 (1)

Tasks