General

  • Target

    b8b18a1a5344dcac43360efcabd5979c7db8576e45610a2e3c766cd7d87185a6

  • Size

    1.2MB

  • Sample

    221019-gcw1dsfdcn

  • MD5

    ad867e3462b4ca5b553c0c0a33637217

  • SHA1

    842115d0d827dc6da2857a5a75f5f8d3db939416

  • SHA256

    b8b18a1a5344dcac43360efcabd5979c7db8576e45610a2e3c766cd7d87185a6

  • SHA512

    cc6373653e98ed590b356e3926cd357e14cfd109ecf0c101a7d0c55cf3b91831ef8c2a1b2444c46309fce05d33bac7a29bdc134b0028c699599005743ac973a8

  • SSDEEP

    24576:VQ6OeFhtaFMD8/rAwcxfJl94N68iRkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkj:VQ1eFva2k+fJla6iJsv6tWKFdu9C+

Malware Config

Targets

    • Modifies system executable filetype association

    • Neshta

      Malware from the Neshta family injects its own code into other executable files in order to spread and cause damage.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

MITRE ATT&CK Enterprise v6

Tasks