General

  • Target

    d31ba97cbb308b7b2453446543759540N.exe

  • Size

    5.4MB

  • Sample

    240725-qhz4nszhnn

  • MD5

    d31ba97cbb308b7b2453446543759540

  • SHA1

    475f96f27aeddbd1f3cf909908317f98940a47b1

  • SHA256

    2f72a46df03520ba21d1f47c2882078c2b2479a7a5c07d7d9ed0b9a118e07463

  • SHA512

    b4a3bfa133aa6ec5f00539f32eab315e613a37de57d8d8be309a28480b90697157e198c4ec6bee9be21a2ae31a5887c57032e484db6eddf06a6cee9b60b53879

  • SSDEEP

    49152:65ThEC49ZZJL/asqATiVE4nDf4bg1aD3lKv5Yj62y5Pi5ls2cjopC429QCCwXodu:LvlJTGVMxyFi5lp/n+BR

Targets

    • Detect Neshta payload

    • Neshta

      Malware from the Neshta family is designed to infect other files in order to spread itself and cause damage.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies system executable filetype association

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, etc.