General

  • Target

    b1dc0f68ec414d66e35cb546aa0c84d552b8e659092261493a5e6ee00bdbc1d8

  • Size

    300KB

  • Sample

    221202-r17f5sbf3x

  • MD5

    f99be5bb89572c27e5fd6772c447fdc1

  • SHA1

    2061fce18c8e7e17bb435f113b6187e308bdc5f0

  • SHA256

    b1dc0f68ec414d66e35cb546aa0c84d552b8e659092261493a5e6ee00bdbc1d8

  • SHA512

    4c46e54aa64eba81a9e0be8f8a32db0171d855aa308d56725eb068e0f64b74276bd84ae8eb6d7443b501c44e9b0ce374f03db625400ef89aae766573ac22d678

  • SSDEEP

    6144:k9HgFtx1oM+dFbHjJepKAEsJxzWmZJBWmZJG:fFkjbHjJ+2sPvs

Malware Config

Targets

    • Modifies system executable filetype association

    • Neshta

      Malware from the Neshta family infects other executable files in order to spread and cause damage.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials.

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic              Technique                          Count  ID
  Persistence         Change Default File Association    1      T1042
  Defense Evasion     Modify Registry                    1      T1112
  Credential Access   Credentials in Files               1      T1081
  Discovery           Query Registry                     1      T1012
  Discovery           System Information Discovery       2      T1082
  Collection          Data from Local System             1      T1005

Tasks