General

  • Target

    85cea07bfcc3908d6c5c50702ed569bca5619f8d393fe8b539008ae6b59fd9ac

  • Size

    40KB

  • Sample

    240621-3rtz8swdkh

  • MD5

    5a90b60bf52824c3e55c7d937ccff80b

  • SHA1

    b8427be6990da631f1561b232baa5cbf58684594

  • SHA256

    85cea07bfcc3908d6c5c50702ed569bca5619f8d393fe8b539008ae6b59fd9ac

  • SHA512

    0bee083bbd11889606416f139da7cfe3318471363cf5c28a781d7d07d6daa8b7fdffb57067dae10c4ed0912a462f98b5ce978906cdbabe4a3beb49793d1af9bd

  • SSDEEP

    768:syxqjQl/EMQt4Oei7RwsHxyP7nbxzOQdJPpp:rxqjQ+P04wsmJCUpp

Malware Config

Targets

    • Target

      85cea07bfcc3908d6c5c50702ed569bca5619f8d393fe8b539008ae6b59fd9ac

    • Detect Neshta payload

    • Neshta

      Neshta-family malware is a file infector: it injects its own code into other executable files to spread and cause damage.

    • Loads dropped DLL

    • Modifies system executable filetype association

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

MITRE ATT&CK Matrix (ATT&CK v13)

Persistence

  • Event Triggered Execution (T1546): 1

  • Change Default File Association (T1546.001): 1

Privilege Escalation

  • Event Triggered Execution (T1546): 1

  • Change Default File Association (T1546.001): 1

Defense Evasion

  • Modify Registry (T1112): 1

Credential Access

  • Unsecured Credentials (T1552): 1

  • Credentials In Files (T1552.001): 1

Collection

  • Data from Local System (T1005): 1

Tasks