General

  • Target

    tmp/ed3d8bdf-c1c7-4e1c-a9fe-2c6c900ca8d0_1011.exe

  • Size

    931KB

  • Sample

    211228-fpw1gscacn

  • MD5

    942547df7e44b3c70624e386da271b24

  • SHA1

    a212daed6bfe9eb149369c1805e563bbed2be27f

  • SHA256

    7043eb9c377c2a90b3f71b4ac4a8ddd9432f59e375112452c3f2294ee9fa40b7

  • SHA512

    7b1ec6b3789b96570b53b870c78daa6fb586caf7f6e5c88ee62301c073108939b5952a75aca895832e3b83f2a3fe248f21b062e619d50f9b00e9e3e64731f0f8

Malware Config

Targets

    • Target

      tmp/ed3d8bdf-c1c7-4e1c-a9fe-2c6c900ca8d0_1011.exe

    • Size

      931KB

    • MD5

      942547df7e44b3c70624e386da271b24

    • SHA1

      a212daed6bfe9eb149369c1805e563bbed2be27f

    • SHA256

      7043eb9c377c2a90b3f71b4ac4a8ddd9432f59e375112452c3f2294ee9fa40b7

    • SHA512

      7b1ec6b3789b96570b53b870c78daa6fb586caf7f6e5c88ee62301c073108939b5952a75aca895832e3b83f2a3fe248f21b062e619d50f9b00e9e3e64731f0f8

    • Detect Neshta Payload

    • Modifies system executable filetype association

    • Neshta

      Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

MITRE ATT&CK Matrix ATT&CK v6

Persistence

Change Default File Association

1
T1042

Defense Evasion

Modify Registry

1
T1112

Credential Access

Credentials in Files

1
T1081

Discovery

System Information Discovery

1
T1082

Collection

Data from Local System

1
T1005

Tasks