General

  • Target

    6a9cde7326dea45154943b90af92cf0a289b5590f3142efd39665bc300f5d3e7

  • Size

    4.9MB

  • Sample

    240621-2f8htashlh

  • MD5

    8db303ff9a82f4dcef13e15ff47696bd

  • SHA1

    3c21b59735acf8f0e56c6c668e579b657ac8aa39

  • SHA256

    6a9cde7326dea45154943b90af92cf0a289b5590f3142efd39665bc300f5d3e7

  • SHA512

    b0bf9a6e338223aa0f14e64251e09140cc3ee1508320acb257b9c2682e6f632df48a5d288ad0cd3922d151a60ad13f391a4454458c8e40c3d858f0720f8e8539

  • SSDEEP

    49152:wnsHyjtk2MYC5GDT37+O+4RTrb/TyvO90d7HjmAFd4A64nsfJ5Wgf/ioNayWbnO6:wnsmtk2a74RJvuyCcX4cEA5Lc

Malware Config

Targets

    • Target

      6a9cde7326dea45154943b90af92cf0a289b5590f3142efd39665bc300f5d3e7

    • Size

      4.9MB

    • MD5

      8db303ff9a82f4dcef13e15ff47696bd

    • SHA1

      3c21b59735acf8f0e56c6c668e579b657ac8aa39

    • SHA256

      6a9cde7326dea45154943b90af92cf0a289b5590f3142efd39665bc300f5d3e7

    • SHA512

      b0bf9a6e338223aa0f14e64251e09140cc3ee1508320acb257b9c2682e6f632df48a5d288ad0cd3922d151a60ad13f391a4454458c8e40c3d858f0720f8e8539

    • SSDEEP

      49152:wnsHyjtk2MYC5GDT37+O+4RTrb/TyvO90d7HjmAFd4A64nsfJ5Wgf/ioNayWbnO6:wnsmtk2a74RJvuyCcX4cEA5Lc

    • Detect Neshta payload

    • Neshta

      Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies system executable filetype association

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

MITRE ATT&CK Matrix ATT&CK v13

Persistence

Event Triggered Execution

1
T1546

Change Default File Association

1
T1546.001

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Privilege Escalation

Event Triggered Execution

1
T1546

Change Default File Association

1
T1546.001

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Defense Evasion

Modify Registry

3
T1112

Subvert Trust Controls

1
T1553

Install Root Certificate

1
T1553.004

Credential Access

Unsecured Credentials

1
T1552

Credentials In Files

1
T1552.001

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Collection

Data from Local System

1
T1005

Tasks