General

  • Target

    tmp/c6dffc4e-7a0d-4cb0-9a3a-b3e327e0d1dd_1003.exe

  • Size

    930KB

  • Sample

    211228-fte8jacadk

  • MD5

    f216fec248b643e7def093cb7fdddb2c

  • SHA1

    e13794371af188551bdd02e4d569d71b51fae2d3

  • SHA256

    f3e9c213d0e32dc314919c6932b1924d7c97c82c5dcb846179436f75660381d1

  • SHA512

    b1de56cd14f7a6cc708b46e7b764538abc78b8d309be6ee5c3923a6152cca044bf945f726c9922566ab793c57adc76f90dedb8bf5fd4a2f2a091c73fb6c062e6

Malware Config

Targets

    • Detect Neshta Payload

    • Modifies system executable filetype association

    • Neshta

      Neshta is a file-infector family: it injects its own code into other executable files to spread and cause damage.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive profile data.

MITRE ATT&CK Matrix

    • Command and Control

    • Credential Access

    • Defense Evasion

    • Execution

    • Exfiltration

    • Impact

    • Initial Access

    • Lateral Movement

    • Privilege Escalation