General

  • Target

    tmp/426d37ca-f57c-40ea-9546-3451dd6a793c_1010.exe

  • Size

    1.2MB

  • Sample

    211228-fthzescadl

  • MD5

    55ca0ab18dfc8936c797000b4b5ad050

  • SHA1

    973533cf199bc915dded44365c753ad179f73e43

  • SHA256

    443c3416cb3757851df457336409b478c624f9180ffb4c2a3289da8d69c1e770

  • SHA512

    0bbf723577b94ff8a82b353d61d9e939e1359cc288dc99c2c794375d6dd39ee0585317da34d50db1ddf6d897e16d2232bcdce77fe165982699929a05ad5fa2a0

Targets

    • Target

      tmp/426d37ca-f57c-40ea-9546-3451dd6a793c_1010.exe


    • Detect Neshta Payload

    • Modifies system executable filetype association

      Rewrites the shell open command of the exefile class (HKCR\exefile\shell\open\command), so the malware's own copy is started, with the originally requested .exe passed as an argument, every time any executable is launched. This is the persistence and re-infection mechanism behind the T1042 entry in the matrix below.

    • Neshta

      Neshta is a file-infecting virus: it prepends its own code to executables on the host and hooks the .exe file association, so it spreads to every program that is launched and survives reboots without needing a conventional run key. In documented Neshta samples the dropped copy is installed as svchost.com in the Windows directory.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers commonly read stored browser profile data (saved credentials, cookies, history). In this report the behaviour maps to Credentials in Files (T1081) and Data from Local System (T1005).
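The file-association hook flagged above can be checked without the sample: on a clean Windows host the (Default) value of HKCR\exefile\shell\open\command is exactly `"%1" %*`, and anything placed in front of `%1` is a program that now runs before every executable. The following Python is an added example, not part of the sandbox report or of the Neshta sample; the registry values it classifies are constructed, and the svchost.com and updater.exe paths are assumptions used only to illustrate a hooked value. On Windows it also reads the live key via the standard winreg module.

```python
r"""Added example (not part of the sandbox report): decide whether an
exefile open command value has been hijacked, the behaviour behind the
"Modifies system executable filetype association" signature.

Clean value of HKEY_CLASSES_ROOT\exefile\shell\open\command (Default):
    "%1" %*
i.e. run the requested program (%1) with its arguments (%*). A file
infector that hooks this key puts its own path first, so it is started
before every .exe and receives the real target as an argument.
"""
import re
import sys

CLEAN_EXEFILE_COMMAND = '"%1" %*'

# Constructed registry values to classify (not taken from the report);
# the hook paths are assumptions for illustration only.
SAMPLE_VALUES = {
    "default": '"%1" %*',
    "default_with_spaces": '  "%1"   %*  ',
    "hook_unquoted": r'C:\Windows\svchost.com "%1" %*',
    "hook_quoted": r'"C:\Users\victim\AppData\Roaming\updater.exe" "%1" %*',
    "target_dropped": r'C:\Windows\svchost.com',
}


def parse_command(value: str):
    """Split a shell command value into (program, remaining arguments).

    The program is either a double-quoted token or the first run of
    non-space characters, which is how the Windows shell reads it.
    Returns None for an empty or unparseable value."""
    m = re.match(r'^\s*(?:"([^"]*)"|([^\s"]+))\s*(.*?)\s*$', value)
    if not m:
        return None
    program = m.group(1) if m.group(1) is not None else m.group(2)
    return program, m.group(3)


def classify_exefile_command(value: str) -> dict:
    """Return a verdict for an exefile\\shell\\open\\command value.

    Keys: tampered (bool), hook (path of the program that now runs
    first, or None) and reason (human-readable explanation)."""
    parsed = parse_command(value)
    if parsed is None:
        return {"tampered": True, "hook": None,
                "reason": "value is empty or unparseable"}
    program, rest = parsed
    if program == "%1" and rest == "%*":
        return {"tampered": False, "hook": None, "reason": "default value"}
    if "%1" not in value:
        # The requested executable is never run at all.
        return {"tampered": True, "hook": program,
                "reason": f"{program!r} replaces every .exe launch; the requested file never runs"}
    if program != "%1":
        # Classic file-infector hook: attacker program first, target as argument.
        return {"tampered": True, "hook": program,
                "reason": f"{program!r} runs before every .exe and receives the real target as an argument"}
    return {"tampered": True, "hook": None,
            "reason": f"arguments changed from {CLEAN_EXEFILE_COMMAND!r} to {value.strip()!r}"}


def read_live_exefile_command() -> str:
    """Read the live value on a Windows host (winreg is Windows-only)."""
    import winreg
    with winreg.OpenKey(winreg.HKEY_CLASSES_ROOT, r"exefile\shell\open\command") as key:
        value, _value_type = winreg.QueryValueEx(key, "")
    return value


if __name__ == "__main__":
    if sys.platform == "win32":
        live = read_live_exefile_command()
        print("live:", live, "->", classify_exefile_command(live))
    for name, sample in SAMPLE_VALUES.items():
        print(f"{name:20} {classify_exefile_command(sample)}")
```

A value that is merely re-quoted or padded with whitespace is treated as clean; anything else is reported as tampered, with the hooked program's path extracted so it can be collected and hashed against the IOCs above. The same check applies to the comfile, batfile and piffile classes, which file infectors hook in the same way.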

MITRE ATT&CK Matrix (ATT&CK v6)

  • Persistence

    Change Default File Association (T1042), 1 matching signature

  • Defense Evasion

    Modify Registry (T1112), 1 matching signature

  • Credential Access

    Credentials in Files (T1081), 1 matching signature

  • Discovery

    System Information Discovery (T1082), 1 matching signature

  • Collection

    Data from Local System (T1005), 1 matching signature

Note that the technique IDs above are from ATT&CK v6. In the current sub-technique model, Change Default File Association is T1546.001 (Event Triggered Execution) and Credentials in Files is T1552.001 (Unsecured Credentials); T1112, T1082 and T1005 are unchanged.
