General

  • Target

    3890b8381d0097b70797e484f40d0df3.exe

  • Size

    5.4MB

  • Sample

    230807-qph4qsfe32

  • MD5

    3890b8381d0097b70797e484f40d0df3

  • SHA1

    43f2196a11285902cab38264f64a0fd545161b44

  • SHA256

    dfea487c68b65aafc445658ea66473de74997a46a9ebf5b0123d1031a2432305

  • SHA512

    f3091690ce65f294b298014dbd4ee8e46f2de302d9aff3ba75c3caf801378debd840b65534f8a8edad58d72a92eb1119379f628e7bff86d63a738b79a945b722

  • SSDEEP

    98304:U98aK6oZt3D1RkS5OS0yionLTKnVhoDXDDm4O5DBur00H6qfe:yrK6oLD1GN3Xo6sDX3lUlY0Y6qfe

Malware Config

Targets

    • Target

      3890b8381d0097b70797e484f40d0df3.exe

    • Detect Neshta payload

    • Neshta

      Malware from the Neshta family infects other executable files in order to spread and cause damage.

    • Modifies Windows Firewall

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies system executable filetype association

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar profile information.

MITRE ATT&CK Enterprise v15

Tasks