General

  • Target

    420bb93d5a6e6ea6905e8c02cc8d5070N.exe

  • Size

    146KB

  • Sample

    240725-a8wk6s1ckf

  • MD5

    420bb93d5a6e6ea6905e8c02cc8d5070

  • SHA1

    314c7c9a30ed91193e8d93bfbf023d308e1fb0ab

  • SHA256

    615a3c4e7997bab6b97b6ee506ae83ff4c3d23d1c0e44abdf6b24e3df4448483

  • SHA512

    e6e813bccb52364210a6e92963fb9510cae5117abc434314ca16458ce4eb0bf9114a939bed9d5af0cbc2ee18ebe3742b8ae51e63860f32967062a176852590b4

  • SSDEEP

    3072:sr85CkkbAYn2GgYlBYN2fHYTo+pIt8wDSRUTT:k9xbAMpgY3gTC8DRUTT

Targets

    • Target

      420bb93d5a6e6ea6905e8c02cc8d5070N.exe

    • Detect Neshta payload

    • Neshta

      Malware from the Neshta family is a file infector: it injects itself into other files to spread and cause damage.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies system executable filetype association

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, etc.
