General
-
Target
4d040679225b6170cd3b2218575cb8c50dc2643ef2722bf4d7e625be2df4e13e
-
Size
865KB
-
Sample
220712-exhbmadcf2
-
MD5
deee619a418c023514ef8b7718d90765
-
SHA1
bbe82e87213cf879f486b585dae6349abbd413e9
-
SHA256
4d040679225b6170cd3b2218575cb8c50dc2643ef2722bf4d7e625be2df4e13e
-
SHA512
25aa54222133a41af3891f9af30448efd907c8e96e893c478928c19c2e891d0676576d02373d4ed7beb120043024de221071db0303b51a03592bdbece65a2f55
Malware Config
Targets
-
-
Target
4d040679225b6170cd3b2218575cb8c50dc2643ef2722bf4d7e625be2df4e13e
-
Size
865KB
-
MD5
deee619a418c023514ef8b7718d90765
-
SHA1
bbe82e87213cf879f486b585dae6349abbd413e9
-
SHA256
4d040679225b6170cd3b2218575cb8c50dc2643ef2722bf4d7e625be2df4e13e
-
SHA512
25aa54222133a41af3891f9af30448efd907c8e96e893c478928c19c2e891d0676576d02373d4ed7beb120043024de221071db0303b51a03592bdbece65a2f55
Score10/10-
Detect Neshta payload
-
Modifies system executable filetype association
-
Neshta
Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-