General

  • Target

    LisectAVT_2403002C_94.exe

  • Size

    206KB

  • Sample

    240725-cakgcsvalf

  • MD5

    1267c5ba756b8384fcbcdd11e66cd208

  • SHA1

    9fe7a1cd11e72db06ff57116c58889e91d4078c2

  • SHA256

    520f56c300071865a861b3c6a07673023597c12f9d400b75fd9bbdb28486f7d9

  • SHA512

    cc4ca38cff00bccb6251e062d1df14ee52f53595d7cc8ff178c6c78fa1895065973992428d3803a137028ac680323847f9656f90d1030121c37b9f255396a6ed

  • SSDEEP

    3072:sr85CkHtM6Crfhxp1L6GpioXH2k57OKz1VD7sCLr1D/ZlezFhR/Pym+:k9kHtM6CrfjpQ0F/N9Hr7wzFhhPM

Targets

    • Detect Neshta payload

    • Neshta

      Malware from the Neshta family is designed to inject itself into other files in order to spread and cause damage.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Modifies system executable filetype association

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.
