General

  • Target

    675d64751eefe9a2af4254a4f6957ac5

  • Size

    384KB

  • Sample

    220914-n6m3xaaca6

  • MD5

    675d64751eefe9a2af4254a4f6957ac5

  • SHA1

    6f96c406bb3acb1f7af7b120f43fcd8f526cb321

  • SHA256

    cfa59023a6820fccfcd995c92427f3052bd161586efdc8aced27a2fa30dfbfeb

  • SHA512

    6c7c140de71f7dbe292243c8d4c99a673b73e0852eafd7a083e410eeafd1c31216fa19528965d37079932d87ea9ac7e789fa77915f06c27d327925c10f204d64

  • SSDEEP

    6144:jyH7xOc6H5c6HcT66vlmrbAFM9TXR1SHOCW4gGrPP5PbwL54jl59TBWAzNhALap7:ja74XTfCWTGrPxbs54x59TkVLapjj8M7

Targets

    • Detect Neshta payload

    • Modifies system executable filetype association

    • Neshta

      Malware from the Neshta family is designed to inject itself into other files in order to spread and cause damage.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, etc.
