General
-
Target
24352a3a.docx
-
Size
10KB
-
Sample
211023-jnge7acbf2
-
MD5
41d36ccc9c5225adf6be4bfff6747788
-
SHA1
ca688ea823b17b517ba815a6e18efe431747cc95
-
SHA256
24352a3a3322b6766dde282ac9b416d7ad614509a22c6dd43b3e68a96e35120b
-
SHA512
1cde26e8e43d9cfef7e902c1cd397057f0b4049835618c94b9e49a1263d5408491a2361a7e3e1be75c0ca84ba8c10f0abe3a9cab032c156635d491112ea554cd
Malware Config
Extracted
https://urlchill.com/sc9YD
Targets
-
-
Target
24352a3a.docx
-
Size
10KB
-
MD5
41d36ccc9c5225adf6be4bfff6747788
-
SHA1
ca688ea823b17b517ba815a6e18efe431747cc95
-
SHA256
24352a3a3322b6766dde282ac9b416d7ad614509a22c6dd43b3e68a96e35120b
-
SHA512
1cde26e8e43d9cfef7e902c1cd397057f0b4049835618c94b9e49a1263d5408491a2361a7e3e1be75c0ca84ba8c10f0abe3a9cab032c156635d491112ea554cd
Score10/10-
Detect Neshta Payload
-
Modifies system executable filetype association
-
Neshta
Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Abuses OpenXML format to download file from external location
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Uses the VBS compiler for execution
-