General

  • Target

    228797bb3c4120ea0133ed914a76d2f2b6479b488bfd576380654318ae9f5fbe

  • Size

    504KB

  • Sample

    221002-fpaggshfg3

  • MD5

    642b2f6674c46d5b6a26b157af24c850

  • SHA1

    0a8b5657647fb9c99b61a0898bd148ef7cfa90a8

  • SHA256

    228797bb3c4120ea0133ed914a76d2f2b6479b488bfd576380654318ae9f5fbe

  • SHA512

    d0b2f96248f33268f13791efa26349a1fc42a23be808e973d1410821ac13177c9a62405771613bc6e069053449483444ee34c1f1b048475ff4b2e1dca0298387

  • SSDEEP

    12288:nbEvHJ3ChikGmBV2QhEipJ9jwoJbTqCk9Q1Tlu9IXpaE:nIveiKV2tCJJTq5O1eUpaE

Targets

    • Detect Neshta payload

    • Modifies system executable filetype association

    • Neshta

      Neshta family malware is a file infector: it writes its own code into other executables, so launching any infected program runs the virus and spreads it to further files, and the modification can leave the host programs damaged.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely to geofence execution to or away from particular regions.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive profile contents.

    • Drops file in System32 directory
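The "Modifies system executable filetype association" signature is the Neshta persistence hook: the default value of HKEY_CLASSES_ROOT\exefile\shell\open\command is changed from the stock `"%1" %*` to a command that runs the virus body first (Neshta is known to register a copy of itself named svchost.com in the Windows directory for this). The following is an added triage helper, not code from the sandbox report or from the malware: it parses a `reg export` of that key and flags any interposed program. Both .reg texts are constructed for the demonstration, and the function and constant names are this example's own.

```python
"""Check whether the .exe file-type association has been hijacked.

Added example for the Neshta report; not part of the original page.
Input is the text of `reg export "HKCR\exefile\shell\open\command" out.reg`
(the .reg texts below are constructed samples).
"""
from typing import Optional, Tuple

EXEFILE_KEY = r"HKEY_CLASSES_ROOT\exefile\shell\open\command"
DEFAULT_COMMAND = '"%1" %*'  # stock Windows value: run the clicked exe with its args

# Constructed: a clean export of the key.
CLEAN_REG = r"""Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
"""

# Constructed: the same key after a Neshta-style hijack (svchost.com is the
# name Neshta is known to use for its dropped copy; the path here is illustrative).
HIJACKED_REG = r"""Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="C:\\Windows\\svchost.com \"%1\" %*"
"""


def _unescape_reg_string(raw: str) -> str:
    """Undo .reg string escaping: '\\\\' -> '\\' and '\\"' -> '"'."""
    out = []
    i = 0
    while i < len(raw):
        if raw[i] == "\\" and i + 1 < len(raw):
            out.append(raw[i + 1])
            i += 2
        else:
            out.append(raw[i])
            i += 1
    return "".join(out)


def exefile_command_from_reg(text: str) -> Optional[str]:
    """Return the default value of the exefile open command, or None if absent."""
    current_key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current_key = line[1:-1]
        elif (current_key and current_key.lower() == EXEFILE_KEY.lower()
              and line.startswith('@="') and line.endswith('"')):
            return _unescape_reg_string(line[3:-1])
    return None


def classify_exefile_command(value: str) -> Tuple[str, Optional[str]]:
    """Classify the command as ('clean', None) or ('hijacked', interposed_program).

    Anything other than the stock value is treated as a hijack; the interposer
    is whatever precedes the "%1" placeholder (or the whole value if it is gone).
    """
    norm = " ".join(value.split())  # collapse whitespace differences
    if norm == DEFAULT_COMMAND:
        return ("clean", None)
    idx = norm.find('"%1"')
    interposer = norm[:idx].strip() if idx > 0 else norm
    return ("hijacked", interposer)


def scan_reg_export(text: str) -> Tuple[str, Optional[str]]:
    """Convenience wrapper: parse an export and classify it ('missing' if key absent)."""
    value = exefile_command_from_reg(text)
    if value is None:
        return ("missing", None)
    return classify_exefile_command(value)


if __name__ == "__main__":
    for label, reg in (("clean", CLEAN_REG), ("hijacked", HIJACKED_REG)):
        print(label, "->", scan_reg_export(reg))
```

On a live host the same check is `reg query HKCR\exefile\shell\open\command /ve`; a value that is anything but `"%1" %*` means every .exe launch is being routed through another program, and that program is the first artifact to collect. Treat a hit as a file-infector case rather than a single dropper: the association fix alone leaves the already-infected executables in place.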
