General

  • Target

    5e9bc7c0a96d7e74528bb36a0b87be926174824ee067f29ea133de529bbbd6d6

  • Size

    180KB

  • Sample

    220731-yg7q5adfd8

  • MD5

    655fb8597c6653b928f6b2fe13f70730

  • SHA1

    891b8521e1aa78caa05efea6bf5772570ac8835c

  • SHA256

    5e9bc7c0a96d7e74528bb36a0b87be926174824ee067f29ea133de529bbbd6d6

  • SHA512

    2b0b5afb0998e915d5ec7dafb31a927e34b35ff1346c1bc4a31148cc13ad7ae704d33eb528cf7207ffc8287cf8ab52c5e1e972682135864ad593795d28f55117
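As an added example (not part of the sandbox report), a script that verifies a file on disk against every digest listed above before any analysis starts. The digest values are copied from this report; the stand-in file the script writes when it is given no path is constructed for the demonstration and is not the sample, so it is expected to fail the comparison.

```python
"""Verify a file on disk against the digests in the report above.

Added example, not part of the sandbox report. A re-packed copy, a
truncated download or a decoy would still be "the sample" by name, so
compare every digest the report lists before spending analysis time on
the file.
"""
import hashlib
import os
import sys
import tempfile

# Digests copied from the report's General section (lowercase hex).
REPORT_DIGESTS = {
    "md5": "655fb8597c6653b928f6b2fe13f70730",
    "sha1": "891b8521e1aa78caa05efea6bf5772570ac8835c",
    "sha256": "5e9bc7c0a96d7e74528bb36a0b87be926174824ee067f29ea133de529bbbd6d6",
    "sha512": "2b0b5afb0998e915d5ec7dafb31a927e34b35ff1346c1bc4a31148cc13ad7ae704d33eb528cf7207ffc8287cf8ab52c5e1e972682135864ad593795d28f55117",
}


def compute_digests(path, algorithms=tuple(REPORT_DIGESTS), chunk_size=1 << 20):
    """Read the file once and feed every requested hash from the same chunks."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def verify_sample(path, expected=REPORT_DIGESTS):
    """Return {algorithm: (expected, actual)} for every digest that differs.

    An empty dict means the file matches on every listed algorithm. The
    comparison is case-insensitive because reports and tools differ on case.
    """
    actual = compute_digests(path, tuple(expected))
    return {
        name: (exp.lower(), actual[name])
        for name, exp in expected.items()
        if actual[name] != exp.lower()
    }


def write_constructed_sample(data=b"MZ stand-in bytes, constructed for the demo\n"):
    """Write a constructed stand-in file (NOT the real sample) and return its path."""
    fd, path = tempfile.mkstemp(suffix=".bin")
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return path


if __name__ == "__main__":
    # Usage: python verify_sample.py <path-to-sample>; with no argument the
    # constructed stand-in is hashed, which naturally fails the comparison.
    target = sys.argv[1] if len(sys.argv) > 1 else write_constructed_sample()
    mismatches = verify_sample(target)
    if not mismatches:
        print(f"{target}: all {len(REPORT_DIGESTS)} digests match the report")
    else:
        for name, (exp, act) in mismatches.items():
            print(f"{target}: {name} mismatch\n  report: {exp}\n  actual: {act}")
        sys.exit(1)
```

The size field in the report (180KB) is rounded, so it is only a sanity check; the digests are what identify the file. Checking all four at once costs one pass over the file and catches a report that lists a wrong or truncated value for any single algorithm.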

Malware Config

Targets

    • Modifies system executable filetype association

      Rewrites the registry command Windows uses to open executable files, so that another program is launched whenever any .exe is run; this gives the malware persistence that survives reboots and does not depend on a single dropped file being started.

    • Neshta

      Neshta is a file-infecting virus: it inserts its own code into other executable files so that running any infected program also runs the virus, which spreads the infection further and can corrupt the host files.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely to geofence execution (run only on, or avoid running on, systems in particular regions).

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers commonly harvest stored browser data, which can include saved credentials and other sensitive profile contents.
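As an added example (not part of the sandbox report, and not the sample's own code), a check for the behaviour behind the "Modifies system executable filetype association" signature above: whether the registry command Windows runs for every .exe launch still starts with the target file itself, or whether some other program has been placed in front of it. The registry values below are constructed for the demonstration; the loader path in them is made up and is not taken from the report. Reading the live value requires Windows and the standard `winreg` module; on other systems the function returns None.

```python
r"""Check the .exe file-type association for an interposed program.

Added example, not part of the sandbox report. "Modifies system
executable filetype association" means the sample rewrote the
shell\open\command value that Windows consults for every .exe launch.
The benign default is  "%1" %*  (run the file itself, pass arguments);
anything in front of "%1" is a program that now runs first, every time.
"""
import re
import sys

# Registry location, relative to HKEY_CLASSES_ROOT.
EXEFILE_COMMAND_KEY = r"exefile\shell\open\command"
BENIGN_DEFAULT = '"%1" %*'

# Constructed values for the demonstration; the loader path is made up and
# is not taken from the report.
CONSTRUCTED_VALUES = {
    "benign default": BENIGN_DEFAULT,
    "interposed loader": r'C:\Windows\dropped.com "%1" %*',
    "quoted loader path": r'"C:\Program Files\Loader\loader.exe" "%1" %*',
    "target never launched": r'C:\Windows\dropped.com',
}

# Group 1: whatever precedes the (optionally quoted) %1; group 2: the rest.
_OPEN_COMMAND = re.compile(r'^(.*?)\s*"?%1"?(.*)$')


def parse_open_command(value):
    r"""Split a shell\open\command string into (program_before_%1, tail).

    program_before_%1 is '' for the benign default. A value with no %1 at
    all is returned as (whole_value, ''): the real target is never run.
    """
    value = value.strip()
    m = _OPEN_COMMAND.match(value)
    if not m:
        return value, ""
    return m.group(1).strip().strip('"'), m.group(2).strip()


def is_hijacked(value):
    """True when something other than the target executable runs first."""
    program, _ = parse_open_command(value)
    return program != ""


def read_live_value():
    """Read the live default value on Windows; None on other platforms."""
    if sys.platform != "win32":
        return None
    import winreg  # Windows-only module, hence the lazy import
    with winreg.OpenKey(winreg.HKEY_CLASSES_ROOT, EXEFILE_COMMAND_KEY) as key:
        value, _ = winreg.QueryValueEx(key, "")
    return value


if __name__ == "__main__":
    for label, value in CONSTRUCTED_VALUES.items():
        verdict = "HIJACKED" if is_hijacked(value) else "ok"
        print(f"{label:22} {verdict:9} {value}")
    live = read_live_value()
    if live is not None:
        print("live value:", live, "->", "HIJACKED" if is_hijacked(live) else "ok")
```

The parser deliberately treats a value with no `%1` at all as hijacked: in that case the program the user double-clicked is never launched, which is worse than an interposed loader that passes execution on. When remediating, restoring the value to `"%1" %*` is not enough on its own; the interposed program it pointed at must also be removed, or the next sample to run will simply re-set the key.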

MITRE ATT&CK Enterprise v6

Tasks