General

  • Target

    31b6401cd95090e05221db25f0088979067facbcfec4df6d7b68efb6a57eaaed.exe

  • Size

    260KB

  • Sample

    240408-blc1zscc5x

  • MD5

    b9fbb019b76c47b444f1352edadbfb93

  • SHA1

    6545f7d24d662ff1be2add4884cfeaf8ecae597d

  • SHA256

    31b6401cd95090e05221db25f0088979067facbcfec4df6d7b68efb6a57eaaed

  • SHA512

    a47f81dea036a33e726189a114af08f5a3bd6f4acd7bcdef875ab32a026ea5bb07560b9c892d7c9a4c8d2fa2ff80954857abff16da0b948abe4331b06406e00c

  • SSDEEP

    3072:sr85C1niR9hcixh3u55ihp64xnJq3wca73oAUJaQSMQmHIdzrRklk8d5:k9AR9hzh3Sif9xmaQS7Vklk8n

Malware Config

Targets

    • Detect Neshta payload

    • Neshta

      Malware from the Neshta family infects other executable files in order to spread and cause damage.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies system executable filetype association

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

MITRE ATT&CK Enterprise v15

Tasks