General
Target: fdfc6a52ba1cba4c242d0eb70fdcbaf2eb30dce8a39cecf179956457033730a6
Size: 89KB
Sample: 240203-vseb6sgfel
MD5: c96aaea26eb68728d110271aff839957
SHA1: 738890a45ffe8e3f2972628c53eb0d3ef5d51390
SHA256: fdfc6a52ba1cba4c242d0eb70fdcbaf2eb30dce8a39cecf179956457033730a6
SHA512: 292c1d579781655ab431eb5de949f69d84a6a73d9c50fa80b6a6b7ca5c7afd8e57e4ba49c12ac4d18d72de40ed5ba213ef62c4024e4bc932421071c9813b319a
SSDEEP: 1536:JxqjQ+P04wsmJCJygB2korxag318HxZATvnsblYOwwUB:sr85CJyS2koVp318RZEvsbyOCB
Behavioral task: behavioral1
Sample: fdfc6a52ba1cba4c242d0eb70fdcbaf2eb30dce8a39cecf179956457033730a6.exe
Resource: win7-20231215-en
Behavioral task: behavioral2
Sample: fdfc6a52ba1cba4c242d0eb70fdcbaf2eb30dce8a39cecf179956457033730a6.exe
Resource: win10v2004-20231215-en
Malware Config
Targets
Target: fdfc6a52ba1cba4c242d0eb70fdcbaf2eb30dce8a39cecf179956457033730a6
Score: 10/10
Detect Neshta payload
MAKOP ransomware payload
Neshta: Malware from the Neshta family is designed to infect other files in order to spread itself and cause damage.
Checks computer location settings: Looks up the country code configured in the registry, likely for geofencing.
Executes dropped EXE
Loads dropped DLL
Modifies system executable filetype association