General

  • Target

    5440e334cb3154249b3ff24b0175e37894f8e75ff6534de473b3c80c6caca646

  • Size

    483KB

  • Sample

    220725-yleadaghdp

  • MD5

    b7e1308e8a504ec82b25ebec7d9a148c

  • SHA1

    e745ffddfaaae6f474db0fa1dfc0485925e02a2d

  • SHA256

    5440e334cb3154249b3ff24b0175e37894f8e75ff6534de473b3c80c6caca646

  • SHA512

    980415020fe1655ba77429a8bfa0d7661fc5a85953b3ff1c73861243c2c5b8619942ae15e0578dad366423125020bf64228a911ee856bc21ab6868ad2055af3a

Malware Config

Targets

    • Modifies system executable filetype association

    • Neshta

      Malware from the Neshta family is a file infector: it injects itself into other executable files in order to spread and cause damage.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

MITRE ATT&CK Enterprise v6

Tasks