General
-
Target
profprma invoice.exe
-
Size
674KB
-
Sample
240319-zjtgysfb26
-
MD5
23282fed201d547ffcdadbf70b9003b0
-
SHA1
d5098a5e2fd992373ca46501e9f396545e010eec
-
SHA256
0d2cbcdf1c8fc968085c474b675700f8c51cca63a266012ff135fd91b91e872e
-
SHA512
43cebf2972f2b51257ea4af221c0fa40d37d09ec73f259205bd4cd42e8e4d4c0b4b1677988211fb4d0130872189147bcdfa8ed2d37d3d4b044d94064c83d92c9
-
SSDEEP
12288:mlPloOJRYWqy8AVgfiq2qFlwd0EpO8moeyWSL+wmuqnJ3Ey7cvTgc67/YPSS7l:Q9oOJbntbBqFlNEY5fy1+Hn5EgcvsF74
Malware Config
Targets
-
-
Target
profprma invoice.exe
-
Size
674KB
-
MD5
23282fed201d547ffcdadbf70b9003b0
-
SHA1
d5098a5e2fd992373ca46501e9f396545e010eec
-
SHA256
0d2cbcdf1c8fc968085c474b675700f8c51cca63a266012ff135fd91b91e872e
-
SHA512
43cebf2972f2b51257ea4af221c0fa40d37d09ec73f259205bd4cd42e8e4d4c0b4b1677988211fb4d0130872189147bcdfa8ed2d37d3d4b044d94064c83d92c9
-
SSDEEP
12288:mlPloOJRYWqy8AVgfiq2qFlwd0EpO8moeyWSL+wmuqnJ3Ey7cvTgc67/YPSS7l:Q9oOJbntbBqFlNEY5fy1+Hn5EgcvsF74
Score10/10-
Detect Neshta payload
-
Neshta
Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Modifies system executable filetype association
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Suspicious use of SetThreadContext
-