General

  • Target

    Order 24007219.exe

  • Size

    774KB

  • Sample

    240328-lsrstsfe38

  • MD5

    e77f0d830d8353f748f97ea6c692b7f7

  • SHA1

    7202eec3edccf41aa004e542c1956533b9ac8c01

  • SHA256

    2c39793aee8f8966937d52468306f422151978e4b43d665a09f78e5c91fe5401

  • SHA512

    1b6b658dc42a1ffa577ac03743394335128c76950294eece9f3d0465f23a1b85c2e2fcd09b19af59fdcb05f605f4db2f3d17e3dbbf6afb3b44863fdf6f05e961

  • SSDEEP

    12288:2I0YOwqO8Dx1q3oIGkuFsxwkG7+qF2UA6zlH+AfS4NtT9gnjs5SJd7DrXZAmDk1M:nO7O8Dx1qRuFsxwke9HpV0

Malware Config

Targets

    • Detect Neshta payload

    • Neshta

      Malware from the Neshta family infects other executable files in order to spread and cause damage.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Loads dropped DLL

    • Modifies system executable filetype association

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks