General

  • Target

    47a317d86f2ef55982e1fe8479f442a857c7c761c68391388422c2af29d0a490

  • Size

    170KB

  • Sample

    221019-gcytzsegf6

  • MD5

    28560fed059be76cdd8a9aa3700b186f

  • SHA1

    479c6a273c20a6e84c84b5895cbff6624219620d

  • SHA256

    47a317d86f2ef55982e1fe8479f442a857c7c761c68391388422c2af29d0a490

  • SHA512

    6c9b164ec226450892f1c548512ee347469d2f95ac857b31f86942b79ce571628f96369942f351fb9a2ced1b0541f7d200834d751765bfc5a0bb3afb4dbbaf5f

  • SSDEEP

    3072:sr85CRo8moVmGspyMOoW8xAVo8WjEuZe0tzL2V4V:k9q8ZQVOoWSAzaa4ei

Targets

    • Modifies system executable filetype association

    • Neshta

      Malware from the Neshta family is designed to infect other files in order to spread and cause damage.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, among other things.
