General

  • Target

    4881074b62e43bd86cb3cc7f5192bdfe3f908073c499e94fcb7fe2bd5e704cc4

  • Size

    300KB

  • Sample

    221001-v66ctaghf6

  • MD5

    61bfacc7d54647f30cf13ac0f8d4c820

  • SHA1

    d3fda44a14c7920dddb0d67663b0703b1ee785d7

  • SHA256

    4881074b62e43bd86cb3cc7f5192bdfe3f908073c499e94fcb7fe2bd5e704cc4

  • SHA512

    d8fb499ad893f38e2d31f41822f3957f8717bc4ccf46a8ff59b1b9c8b385e5477431a19e850e2be5ba2e665e053d79d5072bfef1040d705864ab6d3b56d57b13

  • SSDEEP

    6144:RsSc4fw3yYt46/C9TOFGUsoY8yQ0bZa2v8O8oUoOyM7q:bc4qy76/EBUc8xSZH/04Mm

Targets

    • Detect Neshta payload

    • Modifies system executable filetype association

    • Neshta

      Malware from the Neshta family infects other executable files in order to spread itself and cause damage.

    • ACProtect 1.3x - 1.4x DLL software

      Detects a file protected with ACProtect software.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.
