General

  • Target

    6c3e7aee6d2bb9a636f5fe983afdf98f0ac1de30c5eb5afc6bd6830d1d5e81d1

  • Size

    211KB

  • Sample

    240621-2jhrkashqa

  • MD5

    93b73d76f4cc977571713dba42a2d7fb

  • SHA1

    1d142998286c2c477b5b61adbe7f3ec9a385fb40

  • SHA256

    6c3e7aee6d2bb9a636f5fe983afdf98f0ac1de30c5eb5afc6bd6830d1d5e81d1

  • SHA512

    7fd4488ab7cba349d9deec1e1ebd5fd07637f72a91557df5d87a97d7ccfe358f2d0b7ab15d1ed379be67638a64a8e219c71401c15ead7f6e947c2bcbc844af94

  • SSDEEP

    3072:sr85CrbLlJcvYYQfOa+8MR+hZGPvWwVP6eSqMyjkxSOElL:k93pJNj156wElL

Malware Config

Targets

    • Target

      6c3e7aee6d2bb9a636f5fe983afdf98f0ac1de30c5eb5afc6bd6830d1d5e81d1

    • Size

      211KB

    • MD5

      93b73d76f4cc977571713dba42a2d7fb

    • SHA1

      1d142998286c2c477b5b61adbe7f3ec9a385fb40

    • SHA256

      6c3e7aee6d2bb9a636f5fe983afdf98f0ac1de30c5eb5afc6bd6830d1d5e81d1

    • SHA512

      7fd4488ab7cba349d9deec1e1ebd5fd07637f72a91557df5d87a97d7ccfe358f2d0b7ab15d1ed379be67638a64a8e219c71401c15ead7f6e947c2bcbc844af94

    • SSDEEP

      3072:sr85CrbLlJcvYYQfOa+8MR+hZGPvWwVP6eSqMyjkxSOElL:k93pJNj156wElL

    • Detect Neshta payload

    • Neshta

      Malware from the Neshta family infects other executable files in order to spread and cause damage.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies system executable filetype association

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

MITRE ATT&CK Matrix (ATT&CK v13)

Persistence

  • Event Triggered Execution (T1546): 1

    • Change Default File Association (T1546.001): 1

Privilege Escalation

  • Event Triggered Execution (T1546): 1

    • Change Default File Association (T1546.001): 1

Defense Evasion

  • Modify Registry (T1112): 1

Credential Access

  • Unsecured Credentials (T1552): 1

    • Credentials In Files (T1552.001): 1

Discovery

  • Query Registry (T1012): 1

  • System Information Discovery (T1082): 2

Collection

  • Data from Local System (T1005): 1

Tasks