General

  • Target

    tmp

  • Size

    555KB

  • Sample

    221017-fdjwsaafg4

  • MD5

    30a1ae80a5a4f3de9bafadcabb2c5671

  • SHA1

    58806c79563a4706ff8018a29ca4a85cfcf65c76

  • SHA256

    1014e19ed387f6fb4508e963ca2c35777551ae16a03471a0a15ac30bb0d2a521

  • SHA512

    6583d6a3c85584919809f4e40763a717c4a22aa2386bcdca0ae646f656fef7480a193b1551310075ef50f57865018db0c20869e55c6e667eff54ca5b28ec6c44

  • SSDEEP

    12288:2bROJmafSPZDz7qElw2KxPo0q7qzC9b/uEvtHKYTsviIR8Cufe9ZqQwExr//pmai:2Mrf7iaNVxow7vebdZ

Malware Config

Targets

    • Modifies system executable filetype association

    • Neshta

      Malware from the Neshta family infects other executable files in order to spread itself and cause damage.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

MITRE ATT&CK Enterprise v6

Tasks