Threat Spotlight: Neshta File Infector Endures

Neshta is an older file infector that is still prevalent in the wild. It was initially observed in 2003 and has been previously associated with BlackPOS malware. It prepends malicious code to infected files. This threat is commonly introduced into an environment through unintentional downloading or by other malware. It infects Windows executable files and may attack network shares and removable storage devices.

In 2018 Neshta predominantly targeted the manufacturing industry, but attacked the finance, consumer goods, and energy sectors as well. To achieve persistence Neshta renames itself to then modifies the registry so it runs each time an .exe file is launched. This threat is known to collect system information and use POST requests to exfiltrate data to attacker-controlled servers. The Neshta binaries used in our analysis did not demonstrate the data exfiltration behaviour or functionality.

Read more…
Source: BlackBerry Cylance