General

  • Target

    LisectAVT_2403002C_136.exe

  • Size

    96KB

  • Sample

    240725-b5bx2atepc

  • MD5

    336f1edec4f7a0969898316d511f4920

  • SHA1

    3c75e62c290e1abdb6d8f2185005f9c485aab90c

  • SHA256

    46212d4856db1dcdf30c95cbcf42bc18d813db2c5c49b063592b2b69599405af

  • SHA512

    bff3679529769456c74dcb118f518eaee0df44ba3edb0d3fa03e0ebeec7890e10aeaac97329c7c19e2ceded1644b02c61c960778d35d97e7ee238929d8cb427f

  • SSDEEP

    1536:JxqjQ+P04wsmJCqoljanoDGrkbAO80mhN/ZKT:sr85Cqo4oDKo7khdZKT

Targets

    • Detect Neshta payload

    • Neshta

      Malware from the Neshta family is designed to infect other files in order to spread itself and cause damage.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies system executable filetype association

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, etc.
