General

  • Target

    tmp

  • Size

    4.9MB

  • Sample

    221017-fgnzxaaham

  • MD5

    290024f5f7f167a88cc8ba7d519b779f

  • SHA1

    78282a9fda7c8c0c51c69b9561eef76aa9ca4598

  • SHA256

    5514ce05c6ea46333f038410324debbe30e1884ec541d8db5cc91efde9be47c5

  • SHA512

    00aa4ba4d1ce6decbd46465335629ffe5a2e629a639d6c502a1a543dbf203163f1175030c5690ca257140354fe4cfde1b6861c552891d0bdb3443ce40a181a51

  • SSDEEP

    98304:zchPS0xpNqWt5EKHOPpCvoQGckG7gfDn5XTC4+wJsv6tWKFdu9CTvHUQxEhY:U6RpKHzvoVckrDCnwJsv6tWKFdu9CTCq

Targets

    • Modifies system executable filetype association

    • Neshta

      Malware from the Neshta family is designed to infect other files in order to spread itself and cause damage.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, etc.
