General

  • Target

    2f1c32ebb0f67ae2eece78f6b34fff3461e6864576126c2d26dee506803b5c68.exe

  • Size

    170KB

  • Sample

    240408-bksp2scd25

  • MD5

    16243b38defcebf591c1d8d577b6e581

  • SHA1

    e0ed94634b76c4855b133e5884a3d8c9dbd4ba29

  • SHA256

    2f1c32ebb0f67ae2eece78f6b34fff3461e6864576126c2d26dee506803b5c68

  • SHA512

    23e5b6f8edd805941062dae5c7936d7a2348722ccab62900016c37aab1d3fef16a6538ac51923311fbc392aa5866ba24d7467561aa50b3802deb16260d912d04

  • SSDEEP

    3072:sr85CYk/1AdNR6LWaoQNtlPnqthTL6DhOHYMjlkvH:k9Dqf6LVtmjBw

Targets

    • Detect Neshta payload

    • Neshta

      Malware from the Neshta family infects other executable files in order to spread itself and cause damage.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies system executable filetype association

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.
