General

  • Target

    Navalny-WP.exe

  • Size

    978KB

  • Sample

    240526-3gjfraha37

  • MD5

    a23a62f40b15ad76b917e08876aab844

  • SHA1

    6c92d787df2c231ffdea30b5c0379271c6bd1984

  • SHA256

    5578c49d0e0285fe28b324e160d96e44c96ef2f996392ef3191747d667d302d5

  • SHA512

    ee86989532ca06925ffd7ccc7187647f8b575e5cae1231a4df9bb99522e32d70e7de3989b75989db7796a5508ac672a5dd6b75e7007973c0a2401b7d95129fc5

  • SSDEEP

    24576:jm3qYpzlRun7eDGy8koxw0Qk8YUWlrhzJzAX5i:sqYpJK7eKkoxDjUWldzNApi

Malware Config

Targets

    • Detect Neshta payload

    • Neshta

      Malware from the Neshta family is a file infector: it inserts itself into other executable files in order to spread and cause damage.

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies system executable filetype association

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

MITRE ATT&CK Enterprise v15

Tasks