General

  • Target

    e73a332118981d6b6ac09c9cdf0fb0012bb59772038361d5cff79aac26744b45

  • Size

    600KB

  • Sample

    220801-tgyq1addak

  • MD5

    5bfabaaf40312a75808a1ba556dba0d7

  • SHA1

    699ce914a4309743fd35a147e6f0bedb643b31d0

  • SHA256

    e73a332118981d6b6ac09c9cdf0fb0012bb59772038361d5cff79aac26744b45

  • SHA512

    f1d19952bf636703e6d50a2a35a2d44f608d06ed9abfe3bc2c6bc4a6950d8c974af81ad7cd5469ab53505717c0ba9aa6e9fac0599e44795f27af93ea49142f70

Malware Config

Targets

    • Detect Neshta payload

    • Modifies system executable filetype association

    • Neshta

      Malware from the Neshta family injects its own code into other executable files in order to spread and cause damage.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Deletes itself

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v6

Tasks