General

  • Target

    773bb86d4eff8b1970fe78116fe59f86

  • Size

    146KB

  • Sample

    240409-ykql1sbh3x

  • MD5

    773bb86d4eff8b1970fe78116fe59f86

  • SHA1

    90feea191828d62faac62f7f1e95740394d5d6d2

  • SHA256

    1ff4e8580c4c01c08cd1a44b1b64a84818934b2923ffb38073f3dc5fa801df9a

  • SHA512

    d96d79a2c1cb8d7136ec38269ccafac1cbdc908dc584c09c6afb4e6ae3aeb451ae406c28733f98ddd8f7929b1904a3c942bdaa0fbf0fbb0449eb5625db923974

  • SSDEEP

    3072:sr85CkkbAYn2GgYlBYN2fHYTo+/9t8wDSRUTT:k9xbAMpgY3gTP8DRUTT

Targets

    • Target

      773bb86d4eff8b1970fe78116fe59f86

    • Detect Neshta payload

    • Neshta

      Malware from the Neshta family is designed to inject itself into other files in order to spread and cause damage.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies system executable filetype association

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials.
