General

  • Target

    683f425d67f75285de211d6f84a1b330330b7140123109643fbb969b960c92d5

  • Size

    559KB

  • Sample

    221202-r2w2ssbf8z

  • MD5

    077427eaec9bf0cd41247d5a8ffd5f21

  • SHA1

    53c931156686c316c3fe733c660650ca39506601

  • SHA256

    683f425d67f75285de211d6f84a1b330330b7140123109643fbb969b960c92d5

  • SHA512

    c36c8a5da91f2e3cf8dacc08c1a20594e10e4a086cba79c86a6b54711dcdc094285e22370e224b596ca77b023e7a442de58e80f43e5eafb2db2833cec6313913

  • SSDEEP

    12288:/JfNhckgQqKprF3MHlEEFxyA3FM1dtS2VzYKj86sbyS7Km3xqLr:/ZJNlF3MFDf5FMTtLpYOkP7RMn

Malware Config

Targets

    • Target

      683f425d67f75285de211d6f84a1b330330b7140123109643fbb969b960c92d5

    • Size

      559KB

    • MD5

      077427eaec9bf0cd41247d5a8ffd5f21

    • SHA1

      53c931156686c316c3fe733c660650ca39506601

    • SHA256

      683f425d67f75285de211d6f84a1b330330b7140123109643fbb969b960c92d5

    • SHA512

      c36c8a5da91f2e3cf8dacc08c1a20594e10e4a086cba79c86a6b54711dcdc094285e22370e224b596ca77b023e7a442de58e80f43e5eafb2db2833cec6313913

    • SSDEEP

      12288:/JfNhckgQqKprF3MHlEEFxyA3FM1dtS2VzYKj86sbyS7Km3xqLr:/ZJNlF3MFDf5FMTtLpYOkP7RMn

    • Modifies system executable filetype association

    • Neshta

      Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

MITRE ATT&CK Matrix ATT&CK v6

Persistence

Change Default File Association

1
T1042

Bootkit

1
T1067

Defense Evasion

Modify Registry

1
T1112

Credential Access

Credentials in Files

1
T1081

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Collection

Data from Local System

1
T1005

Tasks