General

  • Target

    dcfa2dc958efab924a16785ab725aa25ae4ae8f322cf37199455cdb1892817fe

  • Size

    871KB

  • Sample

    221001-wjvs8sheb8

  • MD5

    743f9d12268b032178bf84da71e5b540

  • SHA1

    205f65c40d81c4f21f3b8815301b8e159e33d7a4

  • SHA256

    dcfa2dc958efab924a16785ab725aa25ae4ae8f322cf37199455cdb1892817fe

  • SHA512

    14c5488bcbb0f4d93d8a947581ea1d4329d1fd069dfddba8fb658b7079c8bfc94ff8b15d7096d7e2fd9c4c2437e258480dd0c732d1dfc2d43368e09012b967ff

  • SSDEEP

    12288:nKjZA27e8blyJx/QljSIO6duGgeV28xLZi8dywvP5XuyH/3jOIwI3:Kj26hyJxS+Ize4xti83u+TOIwI3

Malware Config

Targets

    • Detect Neshta payload

    • Modifies system executable filetype association

    • Neshta

      Neshta is a Windows file infector: it injects its own code into .exe files it can reach so that running an infected program re-launches the infector, and it registers itself as the handler for the exefile file type (the HKCR\exefile\shell\open\command value) so that it also runs whenever any executable is opened. That registry change is what the "Modifies system executable filetype association" signature above refers to, and reverting it is part of cleanup.

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX build. Packing is a strong hint that static signatures will miss the real payload; the section names and the "UPX!" marker are the usual tells, but a modified build can rename them.

    • Checks computer location settings

      Reads the country/locale code configured in the registry, typically as a geofence so the malware skips or alters its behaviour on hosts in particular countries.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers commonly harvest stored browser data such as saved credentials, cookies and session tokens.

MITRE ATT&CK Enterprise v6

Tasks