General

  • Target

    Updater.exe

  • Size

    415KB

  • Sample

    240620-rreprssbqe

  • MD5

    b8c8dcd23b90a04bdacfab98e8eb2db4

  • SHA1

    85949ba49a29c63c13939a0e40584dcab93aee8d

  • SHA256

    9f1b7c68c3a219686868e4e9c7e1ebf2539e91b47005468038eaa14252c28d42

  • SHA512

    b67407b764cf219f68b946dadc962b249008a58f702afdb846501ebdcb274143781d423866c25f078eb340731976b6e084798fe29125151c14d3333a0dbad536

  • SSDEEP

    3072:Sr85CUvd1b/NC2RQovSj5YIU2cxV4x7PMVU7zOsMsK7Gg7GH:a9CbD6Flx7PMVIOXsK777C

Malware Config

Targets

    • Detect Neshta payload

    • Neshta

      Neshta is a file-infecting virus: it injects its own code into other executable files to spread and cause damage.

    • Modifies system executable filetype association

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

MITRE ATT&CK Matrix (ATT&CK v13)

Persistence

  • Event Triggered Execution (T1546): 1

  • Change Default File Association (T1546.001): 1

Privilege Escalation

  • Event Triggered Execution (T1546): 1

  • Change Default File Association (T1546.001): 1

Defense Evasion

  • Modify Registry (T1112): 1

Credential Access

  • Unsecured Credentials (T1552): 1

  • Credentials In Files (T1552.001): 1

Discovery

  • System Information Discovery (T1082): 1

Collection

  • Data from Local System (T1005): 1

Tasks