General

  • Target

    1c061338a92329304f65622959e94715f5c0f423cde1e9257ee5c6f031476929.exe

  • Size

    92KB

  • Sample

    220908-lkbrmsebe7

  • MD5

    3de3437d48ef8722871797908b2e6bd5

  • SHA1

    963aaff1cef80412c50da6998a7cad02d0eec6a4

  • SHA256

    1c061338a92329304f65622959e94715f5c0f423cde1e9257ee5c6f031476929

  • SHA512

    49e0d587ab3d7e41968fa1d653d8c65cb3a16802acfd6983d3c13a4ed35640738b7a73ee9fc21673c0049c74021734063a2bf1aed7beaa5ad25fdfcd0b93d076

  • SSDEEP

    1536:lZgR80+5/HFISWEmJ+iTf+bsXtgA2JYveqkrlgTyz6fStpqhhwvo:lm8x5/HWnf+bs9gHOWqkrlmE6fEqDAo

Malware Config

Targets

    • Target

      1c061338a92329304f65622959e94715f5c0f423cde1e9257ee5c6f031476929.exe

    • Size

      92KB

    • MD5

      3de3437d48ef8722871797908b2e6bd5

    • SHA1

      963aaff1cef80412c50da6998a7cad02d0eec6a4

    • SHA256

      1c061338a92329304f65622959e94715f5c0f423cde1e9257ee5c6f031476929

    • SHA512

      49e0d587ab3d7e41968fa1d653d8c65cb3a16802acfd6983d3c13a4ed35640738b7a73ee9fc21673c0049c74021734063a2bf1aed7beaa5ad25fdfcd0b93d076

    • SSDEEP

      1536:lZgR80+5/HFISWEmJ+iTf+bsXtgA2JYveqkrlgTyz6fStpqhhwvo:lm8x5/HWnf+bs9gHOWqkrlmE6fEqDAo

    • Detect Neshta payload

    • Modifies system executable filetype association

    • Neshta

      Malware from the Neshta family infects other executable files in order to spread and cause damage.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Accesses Microsoft Outlook profiles

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Looks up geolocation information via web service

      Uses a legitimate geolocation service to find the infected system's geolocation info.

MITRE ATT&CK Enterprise v6

Tasks