General

  • Target

    SOA 620341.exe

  • Size

    59KB

  • Sample

    220913-nxv26abcfk

  • MD5

    dce28be3e495c85489a2b300402bcf4b

  • SHA1

    c8a7f31ff664cea30b3c1023d80aa54af63a50e9

  • SHA256

    8c540cb4a92ba085c74adc9c0181e52ed49d6e9edcbf63181e1b0a1357bfe2de

  • SHA512

    cba75c7dbd16b26eb048afac2c3058208a809c7e79dc7740a5bf75e7941ecf87cc883eac5eb3e9fa49f64f13283afc19b27b1a742ca6657ed378157de8412c9e

  • SSDEEP

    1536:IvYXYNK5uDUaQl+kzdC9GiZQWSwi/fUpS/fX/MNj:IvvQ5uis1Jy///f/MR

Targets

    • Detect Neshta payload

    • Modifies system executable filetype association

    • Neshta

      Malware from the Neshta family is a file infector: it injects itself into other executables to spread and cause damage.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6