General
-
Target
c26d2845d2604bc24b29fa8e749db634676b1f81448c776f9c64791560730782
-
Size
1.5MB
-
Sample
220206-kwdvpshac2
-
MD5
2fbb94d957f46cbf8fc41d864e754433
-
SHA1
ad19acfa0033a234a3a326f25fd10bf0c3cf58f8
-
SHA256
c26d2845d2604bc24b29fa8e749db634676b1f81448c776f9c64791560730782
-
SHA512
be4a043eb6725f00388bb0e23a24ce5ace24f8c491eb092085b3d92b0023b4fa2bd7f5c347d27841e0a4171b816d0a3a6df324e270fd0fa3496b49dab825f7ef
Malware Config
Targets
-
-
Target
c26d2845d2604bc24b29fa8e749db634676b1f81448c776f9c64791560730782
-
Size
1.5MB
-
MD5
2fbb94d957f46cbf8fc41d864e754433
-
SHA1
ad19acfa0033a234a3a326f25fd10bf0c3cf58f8
-
SHA256
c26d2845d2604bc24b29fa8e749db634676b1f81448c776f9c64791560730782
-
SHA512
be4a043eb6725f00388bb0e23a24ce5ace24f8c491eb092085b3d92b0023b4fa2bd7f5c347d27841e0a4171b816d0a3a6df324e270fd0fa3496b49dab825f7ef
Score10/10-
Modifies system executable filetype association
-
Neshta
Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks whether UAC is enabled
-