General
-
Target
88b595be3a022a6a1faa13f329241be4eeec52040072d1384030ab6cfb0d24c7
-
Size
4.2MB
-
Sample
220524-d3l2bsecb2
-
MD5
076c3c206eea88ba662d47b2b741d15a
-
SHA1
84a7899525a78fdd791d373b90e025dadfa3fad0
-
SHA256
88b595be3a022a6a1faa13f329241be4eeec52040072d1384030ab6cfb0d24c7
-
SHA512
e98bae8bdd3b02eb0015e7ec813729afe2eb8f6fda057414f7f508eff8fef69c4813a62323683fff29d2b829b4f008fab4edde652b61e2feb0af417d51584893
Malware Config
Targets
-
-
Target
88b595be3a022a6a1faa13f329241be4eeec52040072d1384030ab6cfb0d24c7
-
Size
4.2MB
-
MD5
076c3c206eea88ba662d47b2b741d15a
-
SHA1
84a7899525a78fdd791d373b90e025dadfa3fad0
-
SHA256
88b595be3a022a6a1faa13f329241be4eeec52040072d1384030ab6cfb0d24c7
-
SHA512
e98bae8bdd3b02eb0015e7ec813729afe2eb8f6fda057414f7f508eff8fef69c4813a62323683fff29d2b829b4f008fab4edde652b61e2feb0af417d51584893
Score10/10-
Detect Neshta Payload
-
Modifies system executable filetype association
-
Neshta
Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-