General

  • Target

    PO supplies 15 7 24.exe

  • Size

    723KB

  • Sample

    240717-jbee3atela

  • MD5

    8c4507c84e866d7a0677244d94c439f6

  • SHA1

    b7917d2630306f79444a473903c0170ce8e58abe

  • SHA256

    08666ef4278f5e77d441949a6069b712fd4908fc75df489ed9289daa5ff3cf5e

  • SHA512

    950b7452c9047f24baec92101973fd3d4fdfac7f81cc2208df2a20de46db43b54eb411fa48442df5cf963ba18286047490b920529906149a8e1d9a5605bf01e1

  • SSDEEP

    12288:2Wx2PQfZHFS3LapnnbooqxQPtK9gyANqA5i27ylNNXtMjUJe:fwMZHFS3YnnUQU9VANqAs4y9Mjg

Malware Config

Targets

    • Target

      PO supplies 15 7 24.exe

    • Neshta

      Malware from the Neshta family infects other executable files in order to spread itself and cause damage.

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Modifies system executable filetype association

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks