General

  • Target

    a67944e6f26b44910a85a2d9c3fbc7ee75968123246f2718d359c533d98edc2d.zip

  • Size

    712KB

  • Sample

    240414-bz35bsfh7s

  • MD5

    194e488ec22ea041a71673080332ce0b

  • SHA1

    32ee60ddd2bbb7699f69f05a9d9faee2344b4457

  • SHA256

    a67944e6f26b44910a85a2d9c3fbc7ee75968123246f2718d359c533d98edc2d

  • SHA512

    04a3d800ee0ff92d218d9e6e39134e8477c7e463c8803d702eed12f831fdc55c4c8a2f33fa06447c39b8b9f9db754de1f9615cf569a2059d14b04e46fb571880

  • SSDEEP

    12288:ShxvPYo2IQRGdQ4X8VVOFIAOMRNdcnJSNC2Du1Xemh/EOyrbl8PCiO068U3OJ:U3r2tgdQk2AOM5cn8NHDuBek/EOyX2PN

Malware Config

Targets

    • Target

      PO No. 44 Master Group Trading & Contracting.exe

    • Size

      815KB

    • MD5

      77fceb05a851e129ceac74ad35a49669

    • SHA1

      9b2d4653f5aa38a9fc64e0eca19268e4da547b79

    • SHA256

      dafe6d74868c243d4f818aab7c3f8d5d95b7d69aa1492e34e1e38d80d15e1532

    • SHA512

      e818dce4d5f7f323148dea9a0dea3e77f8bfdc2e3010735fd97d45e8a69ee3c1f2b658f142bd47e3ca2833307486555a6464f39a0e3169b8294c0d540a9df4f9

    • SSDEEP

      24576:PRuoOBrBlsQJKlQA3fqRCAL3V6wREYy9mE:PL0Bld6QA3S0ALlbREYy9m

    • Detect Neshta payload

    • Neshta

      Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.

    • Detects executables packed with SmartAssembly

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Modifies system executable filetype association

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks