e53a4aaad552ff79195737b6efe54cc1b6fc81945c023bee4a51e53e67c34550

Analysis

max time kernel
149s
max time network
151s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
21-10-2024 10:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-10-21_afd9e3fb138eecec611d42f073bc44bc_mafia_neshta.exe
Size

579KB
MD5

afd9e3fb138eecec611d42f073bc44bc
SHA1

877523b64626ebd8fa50b3eb0214314f63d41649
SHA256

e53a4aaad552ff79195737b6efe54cc1b6fc81945c023bee4a51e53e67c34550
SHA512

92844bb5432d9f329f2104dafa67e8e31d8be8fb436df1a7aedd5d52d6335a6edccc7de6de1670a723b06bda687fd7f9d425be05bf4d70286b0deaa9e4bb90fc
SSDEEP

12288:G7v7ICAUWM5W8MzRzF7v7K7v7u7v7u7v7w:GD7IC/Wn8UlFD7KD7uD7uD7w

Score

7^/10

persistence spyware stealer

Malware Config

Signatures

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

2024-10-21_afd9e3fb138eecec611d42f073bc44bc_mafia_neshta.exe

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Windows\CurrentVersion\Run\stuffs = "C:\\ext\\Instplug.exe"	2024-10-21_afd9e3fb138eecec611d42f073bc44bc_mafia_neshta.exe

Suspicious behavior: EnumeratesProcesses 35 IoCs

Processes:

2024-10-21_afd9e3fb138eecec611d42f073bc44bc_mafia_neshta.exe

pid	Process
2364	2024-10-21_afd9e3fb138eecec611d42f073bc44bc_mafia_neshta.exe
2364	2024-10-21_afd9e3fb138eecec611d42f073bc44bc_mafia_neshta.exe
2364	2024-10-21_afd9e3fb138eecec611d42f073bc44bc_mafia_neshta.exe
2364	2024-10-21_afd9e3fb138eecec611d42f073bc44bc_mafia_neshta.exe
2364	2024-10-21_afd9e3fb138eecec611d42f073bc44bc_mafia_neshta.exe
2364	2024-10-21_afd9e3fb138eecec611d42f073bc44bc_mafia_neshta.exe
2364	2024-10-21_afd9e3fb138eecec611d42f073bc44bc_mafia_neshta.exe
2364	2024-10-21_afd9e3fb138eecec611d42f073bc44bc_mafia_neshta.exe
2364	2024-10-21_afd9e3fb138eecec611d42f073bc44bc_mafia_neshta.exe
2364	2024-10-21_afd9e3fb138eecec611d42f073bc44bc_mafia_neshta.exe
2364	2024-10-21_afd9e3fb138eecec611d42f073bc44bc_mafia_neshta.exe
2364	2024-10-21_afd9e3fb138eecec611d42f073bc44bc_mafia_neshta.exe
2364	2024-10-21_afd9e3fb138eecec611d42f073bc44bc_mafia_neshta.exe
2364	2024-10-21_afd9e3fb138eecec611d42f073bc44bc_mafia_neshta.exe
2364	2024-10-21_afd9e3fb138eecec611d42f073bc44bc_mafia_neshta.exe
2364	2024-10-21_afd9e3fb138eecec611d42f073bc44bc_mafia_neshta.exe
2364	2024-10-21_afd9e3fb138eecec611d42f073bc44bc_mafia_neshta.exe
2364	2024-10-21_afd9e3fb138eecec611d42f073bc44bc_mafia_neshta.exe
2364	2024-10-21_afd9e3fb138eecec611d42f073bc44bc_mafia_neshta.exe
2364	2024-10-21_afd9e3fb138eecec611d42f073bc44bc_mafia_neshta.exe
2364	2024-10-21_afd9e3fb138eecec611d42f073bc44bc_mafia_neshta.exe
2364	2024-10-21_afd9e3fb138eecec611d42f073bc44bc_mafia_neshta.exe
2364	2024-10-21_afd9e3fb138eecec611d42f073bc44bc_mafia_neshta.exe
2364	2024-10-21_afd9e3fb138eecec611d42f073bc44bc_mafia_neshta.exe
2364	2024-10-21_afd9e3fb138eecec611d42f073bc44bc_mafia_neshta.exe
2364	2024-10-21_afd9e3fb138eecec611d42f073bc44bc_mafia_neshta.exe
2364	2024-10-21_afd9e3fb138eecec611d42f073bc44bc_mafia_neshta.exe
2364	2024-10-21_afd9e3fb138eecec611d42f073bc44bc_mafia_neshta.exe
2364	2024-10-21_afd9e3fb138eecec611d42f073bc44bc_mafia_neshta.exe
2364	2024-10-21_afd9e3fb138eecec611d42f073bc44bc_mafia_neshta.exe
2364	2024-10-21_afd9e3fb138eecec611d42f073bc44bc_mafia_neshta.exe
2364	2024-10-21_afd9e3fb138eecec611d42f073bc44bc_mafia_neshta.exe
2364	2024-10-21_afd9e3fb138eecec611d42f073bc44bc_mafia_neshta.exe
2364	2024-10-21_afd9e3fb138eecec611d42f073bc44bc_mafia_neshta.exe
2364	2024-10-21_afd9e3fb138eecec611d42f073bc44bc_mafia_neshta.exe

C:\Users\Admin\AppData\Local\Temp\2024-10-21_afd9e3fb138eecec611d42f073bc44bc_mafia_neshta.exe
"C:\Users\Admin\AppData\Local\Temp\2024-10-21_afd9e3fb138eecec611d42f073bc44bc_mafia_neshta.exe"
1⤵
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
PID:2364

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
91979b662ce87794f53366f6d5df4ac3

SHA1
bca7afb58313e5a9f59d4158ae206b660a6b86b8

SHA256
a21667833a904e85b50a3e7010fe97f8b2989bfbe88aa3234fa40846f56479a5

SHA512
1f23e1cac42c41abde25d930d4153c0ff75bc28686c9fac0a8ba899cce700f3264f5cd8765aa6bbbc70ab669131d19ce8345ca3f99ad3ce24bb1803a252e4995

Download Submit