General

  • Target: 78d59eac7677f44c5ad308cf4a4c0df57a688f24fc20f43cb7a85b5a3da8a102
  • Size: 152KB
  • Sample: 221202-r2sdlsbf7w
  • MD5: f68ba3cd2fbd346d718116f20e8ab777
  • SHA1: 488d842f582524bfaa4c56c882a4ebe51374f361
  • SHA256: 78d59eac7677f44c5ad308cf4a4c0df57a688f24fc20f43cb7a85b5a3da8a102
  • SHA512: 67a536925416202b9f71837647a730b255054a8dd50db8510b4483989398a8bec79b1095ffa811c6960e2bfad8db31f3ac4bb266922f7f1eccc6f1563bbb5e23
  • SSDEEP: 3072:sr8lCa/H95f1sYZ9oGRUjvCE8R/Ao3UMf+97r55BIxq:kxM5Fa3j6E97r7Oxq

Malware Config

Targets

    • Target: 78d59eac7677f44c5ad308cf4a4c0df57a688f24fc20f43cb7a85b5a3da8a102
    • Size: 152KB
    • MD5: f68ba3cd2fbd346d718116f20e8ab777
    • SHA1: 488d842f582524bfaa4c56c882a4ebe51374f361
    • SHA256: 78d59eac7677f44c5ad308cf4a4c0df57a688f24fc20f43cb7a85b5a3da8a102
    • SHA512: 67a536925416202b9f71837647a730b255054a8dd50db8510b4483989398a8bec79b1095ffa811c6960e2bfad8db31f3ac4bb266922f7f1eccc6f1563bbb5e23
    • SSDEEP: 3072:sr8lCa/H95f1sYZ9oGRUjvCE8R/Ao3UMf+97r55BIxq:kxM5Fa3j6E97r7Oxq

    Signatures

    • Modifies system executable filetype association
    • Neshta
      Malware from the Neshta family infects other executable files in order to spread and cause damage.
    • Executes dropped EXE
    • Checks computer location settings
      Looks up the country code configured in the registry, likely as a geofence check.
    • Loads dropped DLL
    • Reads user/profile data of web browsers
      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic             Technique                          ID     Hits
  Persistence        Change Default File Association    T1042  1
  Defense Evasion    Modify Registry                    T1112  1
  Credential Access  Credentials in Files               T1081  1
  Discovery          Query Registry                     T1012  1
  Discovery          System Information Discovery       T1082  2
  Collection         Data from Local System             T1005  1

Tasks