General

  • Target

    651c8e0bbf331156743397142e81250994b5975b1fd1b6cf400bb0a610936098

  • Size

    263KB

  • Sample

    221120-n1kqlafc6s

  • MD5

    41e602458690a89ea73aa0396310ca70

  • SHA1

    4d6cb371459fd058822d33ddbe7700196e795477

  • SHA256

    651c8e0bbf331156743397142e81250994b5975b1fd1b6cf400bb0a610936098

  • SHA512

    7f0e24facb267bab08db18ffb0d81b436dcee696345ea4745a80d5d52762e1970046e9ab210165e5c821f43ecbafcc2111aaf128f14af9c222cc21c02fdf66a4

  • SSDEEP

    6144:k9Yzar9UGRZhirjkyvBR/wxE4UhsY0/0hhVaKgQ:TzmmGbhiH5NwS4UhsB/mTB

Malware Config

Targets

    • Target

      651c8e0bbf331156743397142e81250994b5975b1fd1b6cf400bb0a610936098

    • Size

      263KB

    • MD5

      41e602458690a89ea73aa0396310ca70

    • SHA1

      4d6cb371459fd058822d33ddbe7700196e795477

    • SHA256

      651c8e0bbf331156743397142e81250994b5975b1fd1b6cf400bb0a610936098

    • SHA512

      7f0e24facb267bab08db18ffb0d81b436dcee696345ea4745a80d5d52762e1970046e9ab210165e5c821f43ecbafcc2111aaf128f14af9c222cc21c02fdf66a4

    • SSDEEP

      6144:k9Yzar9UGRZhirjkyvBR/wxE4UhsY0/0hhVaKgQ:TzmmGbhiH5NwS4UhsB/mTB

    • Modifies system executable filetype association

    • Neshta

      Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks