General
-
Target
1ea138c7fd270398eed1405b712d21e9701414dce456906495167bcd3714a47c
-
Size
681KB
-
Sample
221121-nh2amagd56
-
MD5
40092004b51d8c4346deb31e41f72a60
-
SHA1
5a7893aea234ef7679c36a3972a3d5b0f9a34df5
-
SHA256
1ea138c7fd270398eed1405b712d21e9701414dce456906495167bcd3714a47c
-
SHA512
d1de9f7a3225c175cf25bd96d62bd30b26b2a5fa3f8de96904e6b8e1f73c51885cd233b5e41710d119f6d9833394d568ce694bee40b57a1c99225f2ba83a9db6
-
SSDEEP
6144:k9lF0hkq5/4jqI3iS6tk+zgk/tiM5S2FPMCjDEdGDocflidxv49YtmXtpkNXLYKl:ymhkq5wjqImzUkd5BE2XmgCGY8GJFHz9
Malware Config
Targets
-
-
Target
1ea138c7fd270398eed1405b712d21e9701414dce456906495167bcd3714a47c
-
Size
681KB
-
MD5
40092004b51d8c4346deb31e41f72a60
-
SHA1
5a7893aea234ef7679c36a3972a3d5b0f9a34df5
-
SHA256
1ea138c7fd270398eed1405b712d21e9701414dce456906495167bcd3714a47c
-
SHA512
d1de9f7a3225c175cf25bd96d62bd30b26b2a5fa3f8de96904e6b8e1f73c51885cd233b5e41710d119f6d9833394d568ce694bee40b57a1c99225f2ba83a9db6
-
SSDEEP
6144:k9lF0hkq5/4jqI3iS6tk+zgk/tiM5S2FPMCjDEdGDocflidxv49YtmXtpkNXLYKl:ymhkq5wjqImzUkd5BE2XmgCGY8GJFHz9
Score10/10-
Modifies system executable filetype association
-
Neshta
Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-