General

  • Target

    LisectAVT_2403002A_54.exe

  • Size

    742KB

  • Sample

    240725-a4pbaszhqh

  • MD5

    ef179c05dd3a2af711ce37bc03b71b95

  • SHA1

    6717ae0bb0998267b9952f8e676859ae46092511

  • SHA256

    083f671bdfa7b080edff7dc531e68b5179f0adf3109bc5509952209d4c6bffd1

  • SHA512

    6f95182fc8fcd0a6a7ee642d96622741435a2dda0dfa28db9bdbbce372c0eb2aed52bd1f1edf13a697846759736901019779f6e76e458b8284de6ae24a8fbda3

  • SSDEEP

    12288:MHpFYa5Wkb3macr/l/dQ9ox1R04Xclt5/yXuJtWLYn0lOY7MMlqoIDS/yuYK:hkyzl/dQ9wk5PWUn8OY7Wl6RY

Targets

    • Detect Neshta payload

    • Neshta

      Malware from the Neshta family is designed to infect other files in order to spread itself and cause damage.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Modifies system executable filetype association

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, etc.

    • Suspicious use of SetThreadContext
