General
-
Target
VMMGuestAgent.exe
-
Size
382KB
-
Sample
221127-tmpehsaf88
-
MD5
8acee801151dd9f7a3326be10f783b50
-
SHA1
6a97b32816592c0c9fb1851fcb3a0f6809da8e97
-
SHA256
dfd10d42abaefdf115bbd5eb814ad8dcabd46f488318d68ca16353f52384618a
-
SHA512
8dc15daad699f9208ddab4d1aef6d6ec4182131d916e6b9728532f355b9253699442536ce0502dcafab38284822cd7d65c5d49983711b1e439abde1ad07436bd
-
SSDEEP
6144:k9d7dUM6bMqCI/aEq7qLlxJZWbcWePeGpd8IbWvr8dEwwwwjoVnfyAU:m7qM6WSlFWbcWePeGpOIGrKVfVU
Malware Config
Targets
-
-
Target
VMMGuestAgent.exe
-
Size
382KB
-
MD5
8acee801151dd9f7a3326be10f783b50
-
SHA1
6a97b32816592c0c9fb1851fcb3a0f6809da8e97
-
SHA256
dfd10d42abaefdf115bbd5eb814ad8dcabd46f488318d68ca16353f52384618a
-
SHA512
8dc15daad699f9208ddab4d1aef6d6ec4182131d916e6b9728532f355b9253699442536ce0502dcafab38284822cd7d65c5d49983711b1e439abde1ad07436bd
-
SSDEEP
6144:k9d7dUM6bMqCI/aEq7qLlxJZWbcWePeGpd8IbWvr8dEwwwwjoVnfyAU:m7qM6WSlFWbcWePeGpOIGrKVfVU
Score10/10-
Modifies system executable filetype association
-
Neshta
Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-