General
Target: 257a357dc64c7d4871530c4b41e5f054ab6f749df1dd16a69c5c04950d166fb0
Size: 241KB
Sample: 221126-dfqe8sga64
MD5: 97f7a7ad53491eb2e18328d8dae38379
SHA1: 8a6d22a8d0d0fdba8b0a79687c7a4b47bbcda7bd
SHA256: 257a357dc64c7d4871530c4b41e5f054ab6f749df1dd16a69c5c04950d166fb0
SHA512: d26fb30bcf7c38cf4b970b51119bea5ea1a797bb52b8fbd153d514273be588740a4e52e1bfd2d88ca00ee1c76d2d7d7181f3fde5e319b0d9166d292524a7216e
SSDEEP: 6144:k9iC6qV9rOrtpBvBr54Tc/PgdNMxaFlxf0q4:n8OrvRX0Mxk4
Behavioral task: behavioral1
Sample: 257a357dc64c7d4871530c4b41e5f054ab6f749df1dd16a69c5c04950d166fb0.exe
Resource: win7-20221111-en
Malware Config
Targets
Target: 257a357dc64c7d4871530c4b41e5f054ab6f749df1dd16a69c5c04950d166fb0

Detect Neshta payload

Modifies system executable filetype association

Neshta
Malware from the Neshta family is designed to infect other files in order to spread itself and cause damage.

Executes dropped EXE

Modifies Windows Firewall

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Loads dropped DLL

Adds Run key to start application