General

  • Target

    09a7dfd655e32fcfe867482d22f8d32a3c1ad3d8e9af1a8d65b33e7ea963b700

  • Size

    2.4MB

  • Sample

    221018-pptpssfge9

  • MD5

    96043be47e7675254c087b7066a4794c

  • SHA1

    6469980d6a93b331076ebc682356db3d728dbb27

  • SHA256

    09a7dfd655e32fcfe867482d22f8d32a3c1ad3d8e9af1a8d65b33e7ea963b700

  • SHA512

    8920aff5c83ca2433fa1b3a8633986408dca33948d1b307c296587795b6f902a0bdf06ca2053a238d4914b1ab39c4ac56d618f95bf0e986a2c9c98622d92c712

  • SSDEEP

    49152:S+65x7a/n6DbGITGf5MTGa2xEdjxucTMYSH+hHftIom+i89sYpV:QUCbGIstaQEdhotH8HftIX+i891V

Malware Config

Targets

    • Modifies system executable filetype association

    • Neshta

      Malware from the Neshta family infects other executable files in order to spread and cause damage.

    • Creates new service(s)

    • Executes dropped EXE

    • Stops running service(s)

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

MITRE ATT&CK Enterprise v6

Tasks