General

  • Target

    WndowsHealthSecurityUpdate.exe

  • Size

    856KB

  • Sample

    220726-1a8e7aedej

  • MD5

    5ac3d3497a4f79a3117c4e5b9db33ed1

  • SHA1

    c158c51009630fbfe942a4e37a791e4cb841dadf

  • SHA256

    2863d59554f71daaca458ebf5f9d290771630f3945b54bef7a5cdc91ed963b6e

  • SHA512

    7be6ace465afbfc08e9a18b9bd8e75f14cc5e359e061748830ab4a29cc5816e3c73fbfa6baee440e7ee73887c4f3200f37a07564318e30bbbab4d452adc2edfa

Targets

    • Target

      WndowsHealthSecurityUpdate.exe

    • Detect Neshta payload

    • Modifies system executable filetype association

      Rewriting the .exe file-type association makes an interposed program run every time any executable is launched, which gives a file infector persistence without touching services or Run keys. On a clean Windows host the default value of HKEY_CLASSES_ROOT\exefile\shell\open\command is "%1" %*; anything placed in front of "%1" is the added handler.

    • Neshta

      Neshta is a file infector: it writes a copy of itself into other executables on the host so that launching any infected program spreads it further, and the host files are damaged in the process.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers commonly read browser profile directories for saved credentials, cookies and session tokens.

    • Suspicious use of SetThreadContext

      SetThreadContext is rarely needed by benign software; malware uses it to redirect a suspended thread's entry point into injected code, a hallmark of process hollowing and related injection techniques.
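As an added example (not part of this sandbox report or of the sample itself), the following Python script checks whether the .exe file-type association flagged above has been hijacked. It reads the live registry value when run on Windows and otherwise evaluates constructed sample values; the handler path `C:\Windows\dropped.com` in the samples is hypothetical and is not an indicator taken from this report.

```python
"""Check the .exe file-type association for an interposed handler.

Added example, not code from the sandbox report. On a stock Windows host
HKEY_CLASSES_ROOT\\exefile\\shell\\open\\command has the default value
"%1" %*; a file infector that hijacks the association prefixes it with
its own program, which then runs the real target as a child.
"""
import re
from typing import Optional

# Stock default value of the exefile open command on Windows.
DEFAULT_EXEFILE_COMMAND = '"%1" %*'


def classify_exefile_command(value: str) -> dict:
    """Return {'hijacked': bool, 'handler': str | None} for an open-command value.

    Whitespace is normalized before comparison so cosmetic differences do
    not trigger a finding. Any value other than the stock string is
    reported for review, and the text before "%1" is extracted as the
    interposed handler (quotes stripped so paths with spaces come out clean).
    """
    normalized = " ".join(value.strip().split())
    if normalized == DEFAULT_EXEFILE_COMMAND:
        return {"hijacked": False, "handler": None}
    m = re.match(r'^(.*?)\s*"%1"', normalized)
    if m and m.group(1).strip():
        handler = m.group(1).strip().strip('"')
    else:
        # No recognizable "%1" placeholder: report the whole value.
        handler = normalized
    return {"hijacked": True, "handler": handler}


def read_exefile_command() -> Optional[str]:
    """Read the live value on Windows; return None on other platforms."""
    try:
        import winreg  # only available on Windows
    except ImportError:
        return None
    with winreg.OpenKey(winreg.HKEY_CLASSES_ROOT,
                        r"exefile\shell\open\command") as key:
        value, _ = winreg.QueryValueEx(key, "")  # "" selects the default value
    return value


# Constructed sample values for offline demonstration; the dropped.com
# path is a hypothetical interposed handler, not an indicator from the report.
SAMPLE_VALUES = [
    '"%1" %*',
    'C:\\Windows\\dropped.com "%1" %*',
    '"C:\\Program Files\\hypothetical tool\\wrap.exe" "%1" %*',
]


def run_check() -> list:
    """Classify the live value if available, else the constructed samples."""
    live = read_exefile_command()
    values = [live] if live is not None else SAMPLE_VALUES
    return [(v, classify_exefile_command(v)) for v in values]


if __name__ == "__main__":
    for value, verdict in run_check():
        print(f"{value!r} -> {verdict}")
```

Run it on a host suspected of infection to get the interposed handler path for follow-up (hash it, compare with the report's indicators, and check whether it is what actually launches when an .exe is opened); on a clean host the only value printed should be reported as not hijacked.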
