General

  • Target

    89361ce17a00ce96bd1e00f3fa52a70b7452073a574dcfce434ac6cb7c19c28a

  • Size

    356KB

  • Sample

    221202-r2j28sbf6t

  • MD5

    75511b53abe0043964d875794773ac64

  • SHA1

    b0551f47c889b95418f593245c2c78269e6bf4eb

  • SHA256

    89361ce17a00ce96bd1e00f3fa52a70b7452073a574dcfce434ac6cb7c19c28a

  • SHA512

    36c2e2f73ca92da7fc4c794f8d15a10fcdadd9b8a31b406abb506c3fd44416b31704f9c927aaf6ad71a9e7de294d7311b628a85538b2e64ebf6f3978fb9cd550

  • SSDEEP

    6144:k9R9+rEg024fpLZazEjvE/rbay19tSt4bO2BaDmeBJe59U7niBb1dbf:EArEN249AyE/rbaMct4bO2/VU7iBbjr

Malware Config

Targets

    • Modifies system executable filetype association

    • Neshta

      Malware from the Neshta family is a file infector: it injects itself into other executable files in order to spread and cause damage.

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

MITRE ATT&CK Matrix (ATT&CK v6)

Persistence

  • Change Default File Association (T1042): 1

Defense Evasion

  • Modify Registry (T1112): 1

Credential Access

  • Credentials in Files (T1081): 1

Discovery

  • Query Registry (T1012): 1

  • System Information Discovery (T1082): 2

Collection

  • Data from Local System (T1005): 1

Tasks