General

  • Target

    faf16c3e8560cc5ce85a4a4391b4a91a7b69660669a3ada8680f499a81e91a33

  • Size

    974KB

  • Sample

    221002-fnpvsahfe8

  • MD5

    422a81463d02e1311f42bd2c6f6643b3

  • SHA1

    bcd6da8d6660f5ce5daa73c22209ce1e61d3b057

  • SHA256

    faf16c3e8560cc5ce85a4a4391b4a91a7b69660669a3ada8680f499a81e91a33

  • SHA512

    70b0c7c56af7dc87c43c3347544e3e73c0fb862643e24adc453f1d59f90d1042b76b499f2fe9a60e1d191bf4d0cd499c5f27a40fa7c91fc043f2ed27f9ce5011

  • SSDEEP

    24576:fsQTlvu/oX/ZBOUtKFlIvnTPLNojuDKY+lhBIbnO:pq8/ZBOUu8jLNojJwrO

Malware Config

Targets

    • Modifies system executable filetype association

    • Neshta

      Malware from the Neshta family infects other executable files in order to spread itself and cause damage.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

MITRE ATT&CK Enterprise v6

Tasks