General

  • Target

    cee4f5895a0e8cfd90336a753d1d62e0N.exe

  • Size

    146KB

  • Sample

    240725-pbbl3axfrq

  • MD5

    cee4f5895a0e8cfd90336a753d1d62e0

  • SHA1

    4fdd0ffc103f610234264ebe781e67ec9e626afc

  • SHA256

    599eda09b562950ff1187f38a69d8f4328ffd5eb0623b4a1520be37993d8966e

  • SHA512

    b8b7248318f47e5c0b8576f7a570201201ff602c822eeb1cfe22d8d2e6b7699e8cc21a772ac3b4d69f1585eac6b8a8e986c617fbec9560fc9187422d373c81d3

  • SSDEEP

    3072:sr85CkkbAYn2GgYlBYN2fHYTo+rFt8wDSRUTT:k9xbAMpgY3gTr8DRUTT

Targets

    • Detect Neshta payload

    • Neshta

      Malware from the Neshta family is designed to inject itself into other files in order to spread and cause damage.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies system executable filetype association

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials.
