General

  • Target

    374c55eb20213eccb0e6e4628fe5b037f7671825c636012a02b780742078b58d

  • Size

    6MB

  • Sample

    220625-bxcjlabda2

  • MD5

    4dce371ad817a4ff4f19c7963a63ad6d

  • SHA1

    603fa53519041f7e8d829dd70701283dfe4aa5ee

  • SHA256

    374c55eb20213eccb0e6e4628fe5b037f7671825c636012a02b780742078b58d

  • SHA512

    b49fe6569420a1bcff3408967d4b7f3fd80d9e50ba2a0665dfd2c95556e4d025ca3154fdafef9039182541497c821856b1e3f8b884c013a05ad1876f076891b2

Malware Config

Targets

    • Target

      374c55eb20213eccb0e6e4628fe5b037f7671825c636012a02b780742078b58d

    • Size

      6MB

    • MD5

      4dce371ad817a4ff4f19c7963a63ad6d

    • SHA1

      603fa53519041f7e8d829dd70701283dfe4aa5ee

    • SHA256

      374c55eb20213eccb0e6e4628fe5b037f7671825c636012a02b780742078b58d

    • SHA512

      b49fe6569420a1bcff3408967d4b7f3fd80d9e50ba2a0665dfd2c95556e4d025ca3154fdafef9039182541497c821856b1e3f8b884c013a05ad1876f076891b2

    • Modifies system executable filetype association

      Rewrites the shell open command registered for the exefile class (HKCR\exefile\shell\open\command), so the program named there is started before any .exe the user launches. This is a persistence mechanism (ATT&CK T1042) implemented through a registry modification (T1112).

    • Neshta

      Neshta is a file infector: it prepends its own code to other executables so that running an infected file executes the virus first, which then goes on to infect further files.

    • Executes dropped EXE

    • Checks computer location settings

      Reads the country code configured in the registry (the system locale). Malware does this to decide whether to run at all, so this is likely a geofence.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Accesses browser profile directories. Infostealers target these because they hold saved credentials, cookies and browsing history.
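The executable file-association change reported in the signatures above can be checked offline against a registry export. The following Python is an added example, not part of this Triage report and not code from the sample: it parses a .reg export of the exefile shell\open\command key (taken on the host with `reg export HKCR\exefile\shell\open\command exefile.reg`) and flags any default value other than the stock `"%1" %*`. The three exports are constructed for the example, and the launcher paths in them (`dropped.com`, `x.com`) are placeholders, not indicators from this report.

```python
"""Detect a hijacked EXE file association (ATT&CK v6 T1042 / T1112) in a .reg export.

Added example for the report above; the exports below are constructed.
"""
import re

# Stock value of HKCR\exefile\shell\open\command: run the EXE itself with its
# arguments. Any other value routes every .exe launch through another program.
STOCK_EXEFILE_COMMAND = '"%1" %*'

# Constructed sample 1: untouched association.
CLEAN_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
"IsolatedCommand"="\"%1\" %*"
'''

# Constructed sample 2: a launcher (placeholder path) inserted as REG_SZ.
HIJACKED_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="C:\\Windows\\dropped.com \"%1\" %*"
'''

# Constructed sample 3: same hijack stored as REG_EXPAND_SZ (hex(2), UTF-16LE)
# under the HKLM Classes root, with reg.exe's line continuation.
HIJACKED_EXPAND_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
@=hex(2):25,00,57,00,49,00,4e,00,44,00,49,00,52,00,25,00,5c,00,78,00,2e,00,\
  63,00,6f,00,6d,00,20,00,22,00,25,00,31,00,22,00,20,00,25,00,2a,00,00,00
'''


def _logical_lines(text):
    """Yield .reg lines with trailing-backslash continuations joined."""
    buf = ''
    for line in text.splitlines():
        if line.endswith('\\'):
            buf += line[:-1].strip()
            continue
        yield buf + line.strip()
        buf = ''
    if buf:
        yield buf


def _decode_value(raw):
    """Decode a .reg value literal: "quoted" REG_SZ or hex(1)/hex(2) UTF-16LE bytes."""
    raw = raw.strip()
    if len(raw) >= 2 and raw.startswith('"') and raw.endswith('"'):
        return raw[1:-1].replace('\\\\', '\\').replace('\\"', '"')
    m = re.match(r'hex\((\d+)\):(.*)', raw, re.I)
    if m and m.group(1) in ('1', '2'):
        data = bytes.fromhex(re.sub(r'[^0-9a-fA-F]', '', m.group(2)))
        return data.decode('utf-16-le').rstrip('\x00')
    return raw


def find_exefile_commands(reg_text):
    """Return {key: decoded default value} for every exefile open\\command key."""
    found, current = {}, None
    for line in _logical_lines(reg_text):
        if line.startswith('[') and line.endswith(']'):
            key = line[1:-1]
            # The class can live under HKCR or under HKLM/HKCU ...\SOFTWARE\Classes.
            current = key if key.lower().endswith(r'\exefile\shell\open\command') else None
        elif current and line.startswith('@='):
            found[current] = _decode_value(line[2:])
    return found


def assess_command(command):
    """Classify one open command. Returns (hijacked, launcher)."""
    norm = ' '.join(command.split())
    if norm == STOCK_EXEFILE_COMMAND:
        return False, None
    if norm.startswith('"'):
        end = norm.find('"', 1)
        launcher = norm[1:end] if end > 0 else norm[1:]
    else:
        launcher = norm.split(' ', 1)[0]
    return True, launcher


def scan_reg_export(reg_text):
    """Return findings as (key, command, hijacked, launcher) tuples."""
    return [(k, c, *assess_command(c)) for k, c in find_exefile_commands(reg_text).items()]


if __name__ == '__main__':
    for name, export in (('clean', CLEAN_EXPORT), ('hijacked', HIJACKED_EXPORT),
                         ('hijacked_expand', HIJACKED_EXPAND_EXPORT)):
        for key, cmd, hijacked, launcher in scan_reg_export(export):
            verdict = f'HIJACKED via {launcher}' if hijacked else 'stock'
            print(f'{name}: {key} = {cmd!r} -> {verdict}')
```

On a suspect host, export the key from both HKCR and HKLM\SOFTWARE\Classes and feed each file to `scan_reg_export`; a hijacked value names the launcher that every .exe start goes through, which is the file to pull for analysis.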

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic              Technique                          Signatures  ID
  Persistence         Change Default File Association    1           T1042
  Defense Evasion     Modify Registry                    1           T1112
  Credential Access   Credentials in Files               1           T1081
  Discovery           Query Registry                     1           T1012
  Discovery           System Information Discovery       2           T1082
  Collection          Data from Local System             1           T1005