General

  • Target

    c7015a9952d1af05161995c376bc487eb9c61cdfb59cb9113db5148d77758f3b

  • Size

    3.0MB

  • Sample

    240408-bhcwtacc43

  • MD5

    c5db3a7691a1870f3ae5d6bc5d84a04d

  • SHA1

    d1c010eefcf5db48493024a6f8b6a4b16e6f030d

  • SHA256

    c7015a9952d1af05161995c376bc487eb9c61cdfb59cb9113db5148d77758f3b

  • SHA512

    d97fc4fe2f7259478fc51cbfc0d8bc23dce384fdde6e51804222956ad1fa0db55fda2eeb701ea275ea132bb353c0e63d2a5389b3ebf9a5f5ee44e1a17460f3f4

  • SSDEEP

    49152:tDmhcCL/ZDjEEND+rtVHmpTSetowsv/PfobMv8XEKHG1wi9KY9TCk2lZrgY2aqdz:tDmhcctPguyaEPmi9V8k2rgY9+

Targets

    • Target

      c7015a9952d1af05161995c376bc487eb9c61cdfb59cb9113db5148d77758f3b

    • Detect Neshta payload

    • Neshta

      Malware from the Neshta family is designed to infect other files in order to spread and cause damage.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies system executable filetype association

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials.
