General

  • Target

    8089e0301f103563012f4569861e1d61ddd35890cdfd6bbe62dc0c09f6b4e5a8

  • Size

    3.5MB

  • Sample

    221127-yeemkadd58

  • MD5

    a3669e2690cfa09bf706053c4231fb06

  • SHA1

    7ab92667ee11edba4be2aba09c92e7b0e757d867

  • SHA256

    8089e0301f103563012f4569861e1d61ddd35890cdfd6bbe62dc0c09f6b4e5a8

  • SHA512

    ae7cd4fac2ec7cf94a9fec7af8beda003515c2d6335f89a783598e6bc6461e989caeb41f32b9e3a3117cbf85b4a61610099ef8ac81166bdcdfed10055a4ef7cf

  • SSDEEP

    98304:PqOtDhM4bp4Gx+Nj98JzquI0ce266Wv6j1oLRW:iuDhn9wTqWutImLRW

Malware Config

Targets

    • Target

      8089e0301f103563012f4569861e1d61ddd35890cdfd6bbe62dc0c09f6b4e5a8

    • Size

      3.5MB

    • MD5

      a3669e2690cfa09bf706053c4231fb06

    • SHA1

      7ab92667ee11edba4be2aba09c92e7b0e757d867

    • SHA256

      8089e0301f103563012f4569861e1d61ddd35890cdfd6bbe62dc0c09f6b4e5a8

    • SHA512

      ae7cd4fac2ec7cf94a9fec7af8beda003515c2d6335f89a783598e6bc6461e989caeb41f32b9e3a3117cbf85b4a61610099ef8ac81166bdcdfed10055a4ef7cf

    • SSDEEP

      98304:PqOtDhM4bp4Gx+Nj98JzquI0ce266Wv6j1oLRW:iuDhn9wTqWutImLRW

    • Modifies system executable filetype association

    • Neshta

      Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

MITRE ATT&CK Matrix ATT&CK v6

Persistence

Change Default File Association

1
T1042

Defense Evasion

Modify Registry

1
T1112

Credential Access

Credentials in Files

1
T1081

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Collection

Data from Local System

1
T1005

Tasks