General
-
Target
05cc5b2de4449992125e6e90608f2302
-
Size
1.3MB
-
Sample
231229-2jgt9sfbeq
-
MD5
05cc5b2de4449992125e6e90608f2302
-
SHA1
ce34a24aba7279962957093f154c6956542d5b8f
-
SHA256
aa7887ec53dce8c5b5b24952d301e8d9918a440df6d2362b077c8171f5376566
-
SHA512
ee25be599e8c76b8eafd4192ba9d015f4460dabf1231804c6fbb73e7d3502f8d9882389d7b448ab288d192a2f914758e6704b1c08df8bfc45df3ba2288bdc980
-
SSDEEP
12288:UwYhZawoQC0Z0uH7h2ZsIfm+yWBGUATczdqOc4ClSTubgdIb+lmh3EXmPLl8/iLq:sCn1ZsjM9A4z4ST9mukk
Malware Config
Targets
-
-
Target
05cc5b2de4449992125e6e90608f2302
-
Size
1.3MB
-
MD5
05cc5b2de4449992125e6e90608f2302
-
SHA1
ce34a24aba7279962957093f154c6956542d5b8f
-
SHA256
aa7887ec53dce8c5b5b24952d301e8d9918a440df6d2362b077c8171f5376566
-
SHA512
ee25be599e8c76b8eafd4192ba9d015f4460dabf1231804c6fbb73e7d3502f8d9882389d7b448ab288d192a2f914758e6704b1c08df8bfc45df3ba2288bdc980
-
SSDEEP
12288:UwYhZawoQC0Z0uH7h2ZsIfm+yWBGUATczdqOc4ClSTubgdIb+lmh3EXmPLl8/iLq:sCn1ZsjM9A4z4ST9mukk
Score10/10-
Detect Neshta payload
-
Imminent RAT
Remote-access trojan based on Imminent Monitor remote admin software.
-
Neshta
Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies system executable filetype association
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Suspicious use of SetThreadContext
-