General

  • Target

    6107285.exe

  • Size

    14KB

  • Sample

    220910-wxk6ysebgn

  • MD5

    142a1cef6dc6917bcc76913f7550e61b

  • SHA1

    8fcd730901894a0fd598e18d478324073e33c153

  • SHA256

    ede030f3b4d200ca8d87d865ed75cec04cb870ff4684663072268ebe43d6cf83

  • SHA512

    4ceb2d938d97816c3edc3005613a65313904f9cab6762a0309ca21bd21e9078bd84564a1a13dec1aece0958c80350983688a5985c57581e5386b4c0bafff309d

  • SSDEEP

    192:f4CbAoJrZrnyME2XauzZJmv0ia6OLWw5VPbPOwNMRnOBbfFPM8xsMJSZ5i:fnLNpzLmlOLWw5VPb2wNSOXHJ0

Malware Config

Targets

    • Detect Neshta payload

    • Modifies system executable filetype association

    • Neshta

      Malware from the Neshta family infects other executable files in order to spread itself and cause damage.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and similar secrets.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks