General

  • Target

    0617566edbe89fbc61773681792fd8d0N.exe

  • Size

    284KB

  • Sample

    240724-zgh87syepe

  • MD5

    0617566edbe89fbc61773681792fd8d0

  • SHA1

    3c85b702db760d12dc45bf31c7deded20cb5d665

  • SHA256

    d683e2154726626f341a1445c994d23ed513c3b43c635480e1511c48233c4f41

  • SHA512

    3796e0f0152c3e774a6a4c747151b8d4888cfcb31b57f1915dc2dbf38ee37bbb590ac9a6b7e5748117c5225e0435c03c36f0b0337a0f4105f2b2e44f09eec4c7

  • SSDEEP

    6144:k9aT1In69D2+VPkyiyer0V92G0sa49df0aOhj:5192ukRz0V928B0lhj

Targets

    • Detect Neshta payload

    • Neshta

      Malware from the Neshta family is designed to infect other files in order to spread itself and cause damage.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies system executable filetype association

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, etc.
