General

  • Target

    tmp/35fa568e-e40b-4fc1-a594-f63531241bb3_1008.exe

  • Size

    1.2MB

  • Sample

    211228-frpzysddh4

  • MD5

    11b918879c3646b680e18b1fa9bf6257

  • SHA1

    56f51188d1f72e2015224675c029c10fef21f0a3

  • SHA256

    e1bd988d2dbfc69031e8303132499d898010b1b8fbe5167ce1ce5a972ecd4c24

  • SHA512

    9e3b0a271d51233c79d351fa32d81cda976237e0e5e760eb1b304ef3d8c66ab481178c75293d1b4daf36af78f9fc1ee87446e85f8ccfe9038cd792a2973d7ffa

Malware Config

Targets

    • Target

      tmp/35fa568e-e40b-4fc1-a594-f63531241bb3_1008.exe

    • Size

      1.2MB

    • MD5

      11b918879c3646b680e18b1fa9bf6257

    • SHA1

      56f51188d1f72e2015224675c029c10fef21f0a3

    • SHA256

      e1bd988d2dbfc69031e8303132499d898010b1b8fbe5167ce1ce5a972ecd4c24

    • SHA512

      9e3b0a271d51233c79d351fa32d81cda976237e0e5e760eb1b304ef3d8c66ab481178c75293d1b4daf36af78f9fc1ee87446e85f8ccfe9038cd792a2973d7ffa

    • Detect Neshta Payload

    • Modifies system executable filetype association

    • Neshta

      Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

MITRE ATT&CK Matrix ATT&CK v6

Persistence

Change Default File Association

1
T1042

Defense Evasion

Modify Registry

1
T1112

Credential Access

Credentials in Files

1
T1081

Discovery

System Information Discovery

1
T1082

Collection

Data from Local System

1
T1005

Tasks