General

  • Target

    tmp/1f732dad-540b-40f2-8e96-ece256af6051_1006.exe

  • Size

    3MB

  • Sample

    211228-frq71sddh5

  • MD5

    8900fe14a0b6f8bce07e8544753a5489

  • SHA1

    03735c613ea906da4e0a57390fc968b17268ded1

  • SHA256

    5d7d8c5bf6c22376174fd83c86ba78d024a4d30ca0ad2657d65daca35ba3ba6e

  • SHA512

    3bdc8d0fcb8f3536b988fb7a7ca9fc60ecf7a6beaf6baa5f9909656ca9f9012a70854af0568e2ae3e29893bc6b81ec6e089eb7cda11206245779ec8fbfa90833
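
The hashes above are the only durable identifier of the sample: the path under tmp/ is the sandbox's own name for the upload, so a copy found on a host will normally carry a different filename. An added triage helper (not part of this report) that hashes every file under a path with the built-in Get-FileHash and reports any file whose digest matches the report's values; the directory to scan is an assumption, and all four algorithms are checked so the script also works against feeds that only carry MD5 or SHA1:

```powershell
# Added example, not from the sandbox report. Assumes Windows PowerShell 5.1+ or
# PowerShell 7 (Get-FileHash supports MD5, SHA1, SHA256 and SHA512).

# IOC set copied from the report's "General" section.
$ReportHashes = @{
    MD5    = '8900fe14a0b6f8bce07e8544753a5489'
    SHA1   = '03735c613ea906da4e0a57390fc968b17268ded1'
    SHA256 = '5d7d8c5bf6c22376174fd83c86ba78d024a4d30ca0ad2657d65daca35ba3ba6e'
    SHA512 = '3bdc8d0fcb8f3536b988fb7a7ca9fc60ecf7a6beaf6baa5f9909656ca9f9012a70854af0568e2ae3e29893bc6b81ec6e089eb7cda11206245779ec8fbfa90833'
}

function Find-ReportedSample {
    param(
        [Parameter(Mandatory)] [string]    $Path,                 # file or directory to scan
        [hashtable]                        $Iocs = $ReportHashes  # algorithm -> expected hex digest
    )

    # -File skips directories; -ErrorAction keeps unreadable files from aborting the scan.
    Get-ChildItem -Path $Path -File -Recurse -ErrorAction SilentlyContinue | ForEach-Object {
        $file = $_
        foreach ($alg in $Iocs.Keys) {
            $digest = (Get-FileHash -Path $file.FullName -Algorithm $alg -ErrorAction SilentlyContinue).Hash
            # Get-FileHash returns upper-case hex; -ieq makes the comparison case-insensitive.
            if ($digest -and ($digest -ieq $Iocs[$alg])) {
                [pscustomobject]@{
                    Path      = $file.FullName
                    Size      = $file.Length
                    Algorithm = $alg
                    Hash      = $digest
                }
            }
        }
    }
}

# Example invocation; the scan root is an assumption for illustration.
Find-ReportedSample -Path 'C:\Users' | Format-Table -AutoSize
```

A hit on any one algorithm is sufficient to identify the file; a hit on SHA256 or SHA512 alone is enough to trust, while an MD5-only match should be confirmed with one of the stronger digests before acting on it.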

Malware Config

Targets

    • Target

      tmp/1f732dad-540b-40f2-8e96-ece256af6051_1006.exe

    • Detect Neshta Payload

    • Modifies system executable filetype association

    • Neshta

      Neshta is a file infector: it writes a copy of its own code into other executable files so that its code runs whenever an infected program is launched, spreading to further executables and leaving the hosts corrupted. The file-type association change flagged above serves the same goal, giving the infector a chance to run before any .exe is started.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers commonly read the profile directories of installed browsers, which hold saved credentials, cookies and session tokens, autofill data and browsing history.
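
The "Modifies system executable filetype association" signature refers to the registry command Windows runs to open any .exe, whose default value is "%1" %*. Any other value means every program launch is routed through a foreign binary first. An added host check (not part of this report) that reads that command from the machine-wide class store, the per-user override that takes precedence when present, and the merged HKCR view, and flags anything other than the default; the key names are the standard Windows locations, and the expected value is an assumption that holds for stock Windows installs:

```powershell
# Added example, not from the sandbox report. Assumes Windows PowerShell 5.1+ or
# PowerShell 7 with read access to the registry (run elevated to read HKLM reliably).

# Stock value of the .exe "open" verb: run the file itself with its arguments.
$ExpectedCommand = '"%1" %*'

# Per-user classes override machine-wide ones when both exist; HKCR shows the merged result.
$AssociationKeys = @(
    'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command',
    'Registry::HKEY_CURRENT_USER\SOFTWARE\Classes\exefile\shell\open\command',
    'Registry::HKEY_CLASSES_ROOT\exefile\shell\open\command'
)

function Test-ExeAssociation {
    param([string[]] $Keys = $AssociationKeys, [string] $Expected = $ExpectedCommand)

    foreach ($key in $Keys) {
        if (-not (Test-Path -Path $key)) {
            # Absent under HKCU is normal; absent under HKLM/HKCR is itself suspicious.
            [pscustomobject]@{ Key = $key; Command = $null; Status = 'absent' }
            continue
        }
        $command = (Get-ItemProperty -Path $key -Name '(default)' -ErrorAction SilentlyContinue).'(default)'
        $status  = if ($command -eq $Expected) { 'ok' } else { 'MODIFIED' }
        [pscustomobject]@{ Key = $key; Command = $command; Status = $status }
    }
}

# Report the three views; a MODIFIED row names the path every .exe launch now passes through.
Test-ExeAssociation | Format-Table -AutoSize
```

When a row is flagged, the command value points at the hijacking executable; hash that file with the IOC check above before removing it, and restore the value only after the file itself has been dealt with, since the infector rewrites the key on its next run.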

MITRE ATT&CK Matrix

  • Command and Control
  • Credential Access
  • Defense Evasion
  • Execution
  • Exfiltration
  • Impact
  • Initial Access
  • Lateral Movement
  • Privilege Escalation