General

  • Target

    tmp/b3fa4a1b-268f-49b2-9a04-47f6550e1a9a_1009.exe

  • Size

    3MB

  • Sample

    211228-fpxl1scacp

  • MD5

    0df509291dbe0de01efd4e59b5c3b2dc

  • SHA1

    06e97544849ce889a83e3c4f5bc74c99971d668d

  • SHA256

    bae433ef175b58fde659d4c84a8bd8d6625f75b3d7b56b4771c6dbb377d03efa

  • SHA512

    3e9383ee1ec55c980c1570f89ff3be76d62b2714553a04bd5deb2d3e373bb6e5afbaf5cd8a64dd3635e49d281af39a2b081cac1a3ea653e92ba03c5d668c40b5

Malware Config

Targets

    • Target

      tmp/b3fa4a1b-268f-49b2-9a04-47f6550e1a9a_1009.exe

    • Size

      3MB

    • MD5

      0df509291dbe0de01efd4e59b5c3b2dc

    • SHA1

      06e97544849ce889a83e3c4f5bc74c99971d668d

    • SHA256

      bae433ef175b58fde659d4c84a8bd8d6625f75b3d7b56b4771c6dbb377d03efa

    • SHA512

      3e9383ee1ec55c980c1570f89ff3be76d62b2714553a04bd5deb2d3e373bb6e5afbaf5cd8a64dd3635e49d281af39a2b081cac1a3ea653e92ba03c5d668c40b5

    • Detect Neshta Payload

    • Modifies system executable filetype association

    • Neshta

      Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

MITRE ATT&CK Matrix

Command and Control

    Credential Access

    Defense Evasion

    Execution

      Exfiltration

        Impact

          Initial Access

            Lateral Movement

              Privilege Escalation