General

  • Target

    91592056cd339d6e29a9733579036f0f1a75906256b617053aa5f056df7c0d6f

  • Size

    850KB

  • Sample

    221019-gc6jtsegf8

  • MD5

    a0c2154ccbd722ee7993fa70e25729f8

  • SHA1

    f32540af1ae5aaf9d3269755f4ac20b356d1779f

  • SHA256

    91592056cd339d6e29a9733579036f0f1a75906256b617053aa5f056df7c0d6f

  • SHA512

    a32a082d1b47b00f0188565585784cf533a44ae7646770dc37f9d071c0b22ae8e65a0822c475d0234cdd1f8b9d7ad561f814e5bf02c08452f8875ae431c43dfe

  • SSDEEP

    24576:YMn9QjsqV+cFjZL48DQ8RZl5I7IW+w8C9I34YS8ibHQtEXeHe4nYDLCDmvmztD0a:/9QjskjZL48DQ8RZl5I7IW+w8C9I34YZ

Targets

    • Target

      91592056cd339d6e29a9733579036f0f1a75906256b617053aa5f056df7c0d6f

    • Modifies system executable filetype association

    • Neshta

      Malware from the Neshta family is a file infector: it writes itself into other executable files to spread and cause damage.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.
