General

  • Target

    0c3bd6d331bf222deefd3fba802c3e77cfc5bee342b58ea9e5904279ad86dbe7

  • Size

    2.4MB

  • Sample

    221018-ppnhsafge7

  • MD5

    0463db402d87d4291346b78418bdacc4

  • SHA1

    d928cbe7f2f76735c260ce0c29894e9f6676abe9

  • SHA256

    0c3bd6d331bf222deefd3fba802c3e77cfc5bee342b58ea9e5904279ad86dbe7

  • SHA512

    f72e83070b28dec0d2020474c3ba91eff7f1abd51db0c25f70cbdcda4174af88210655392e19d38d086e7f1bae72cf0f74ffa201a72167e294dd6c7daec7c34d

  • SSDEEP

    49152:HQslDhz9q6kCL1FSzTUgcwV5OMehbf3WmfHDm0+Yjm:PzoIFTc87jm

Targets

    • Modifies system executable filetype association

    • Neshta

      Malware from the Neshta family is designed to infect other files in order to spread itself and cause damage.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, etc.
