General
-
Target
5594f6e20dacbe0ec1d44d67e32e9daea2be4cf24fc652ffad0d936e6404cda5
-
Size
1.2MB
-
Sample
220219-2mq74sfabm
-
MD5
09925e11b3ee2418b6eb509683e8a0a7
-
SHA1
39eea627430449a78d6bace35b02adee400ed2e2
-
SHA256
5594f6e20dacbe0ec1d44d67e32e9daea2be4cf24fc652ffad0d936e6404cda5
-
SHA512
e8c2b3e47292862431e5ca95e9e117b31f1b43b309e86c2b73f562fe4fd93b0666b2aa54514b40fb1b5c8ca736a72134ffe39bf8f7bcff67881ae1528e8d32a9
Malware Config
Targets
-
-
Target
5594f6e20dacbe0ec1d44d67e32e9daea2be4cf24fc652ffad0d936e6404cda5
-
Size
1.2MB
-
MD5
09925e11b3ee2418b6eb509683e8a0a7
-
SHA1
39eea627430449a78d6bace35b02adee400ed2e2
-
SHA256
5594f6e20dacbe0ec1d44d67e32e9daea2be4cf24fc652ffad0d936e6404cda5
-
SHA512
e8c2b3e47292862431e5ca95e9e117b31f1b43b309e86c2b73f562fe4fd93b0666b2aa54514b40fb1b5c8ca736a72134ffe39bf8f7bcff67881ae1528e8d32a9
Score10/10-
Modifies system executable filetype association
-
Neshta
Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-