General
-
Target
Vega Sky Tools.exe
-
Size
407KB
-
Sample
220204-kg7t8sgabp
-
MD5
2ad0998f87934e69a5096fc036c04a01
-
SHA1
30e95b536fdcd6953bf0cb21557bf3e7970535a9
-
SHA256
5a877117c8502edae43d30c15f39bf566b420919533e91ea44ce8e5e2b6e76c4
-
SHA512
149ef87ec93771eac235d7baf11f74a466ff59dc959be49f0862b024a5f5e5a61b20e952bdf70573220edf3ef93a1816fae0ebdbc2138ef0efe8093d9a016bb6
Malware Config
Targets
-
-
Target
Vega Sky Tools.exe
-
Size
407KB
-
MD5
2ad0998f87934e69a5096fc036c04a01
-
SHA1
30e95b536fdcd6953bf0cb21557bf3e7970535a9
-
SHA256
5a877117c8502edae43d30c15f39bf566b420919533e91ea44ce8e5e2b6e76c4
-
SHA512
149ef87ec93771eac235d7baf11f74a466ff59dc959be49f0862b024a5f5e5a61b20e952bdf70573220edf3ef93a1816fae0ebdbc2138ef0efe8093d9a016bb6
Score10/10-
Modifies system executable filetype association
-
Neshta
Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
-
Executes dropped EXE
-
Sets service image path in registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-