General

  • Target

    2c7a1f6b5aa31a6288e68a424c1c62ff

  • Size

    350KB

  • Sample

    220914-n5nm2sabh8

  • MD5

    2c7a1f6b5aa31a6288e68a424c1c62ff

  • SHA1

    b4acc723196e022f89febd09007d98341e4c00d2

  • SHA256

    6a38c4241dcee7a93fadbf05e5118c09b71b0c0d6d51f7a0e29db9595e09e85b

  • SHA512

    678af85b4a230a683024024436542e5d35356a7d7fa3e02836a43dd800be2a7c4b33521bdd09a5366edaca7a8dcb8758faff40ed7a288b1c1b1f8e3ab7167870

  • SSDEEP

    6144:k9VGr8AIPU5MWprUeRUq4ryH7xOc6H5c6HcT66vlmrRUeRUqoryH7xOc6H5c6Hct:YGQAkmAeia9eKaj

Targets

    • Detect Neshta payload

    • Modifies system executable filetype association

    • Neshta

      Malware from the Neshta family is designed to infect other files in order to spread itself and cause damage.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials.
