General

  • Target

    da003dd0cf255aac9702a043fe3ec1d0N.exe

  • Size

    146KB

  • Sample

    240725-r5qzysvamn

  • MD5

    da003dd0cf255aac9702a043fe3ec1d0

  • SHA1

    b92c46e50b53232435c6bd57b60fb9a0e740ae12

  • SHA256

    41faeea6f3998395b6ab78991fa3b73190ea84b25eaa55d1fe96338a1673262b

  • SHA512

    0e27a9c73b81720e1adc019b8626bb2418173ee5ebe765dc9974f3e6fd1af14b9ec2f1ce059a673eb83515ddcdedc0b8d3c513508d22dab0408bce08af75a75e

  • SSDEEP

    3072:sr85CkkbAYn2GgYlBYN2fHYTo+Out8wDSRUTT:k9xbAMpgY3gTD8DRUTT

Targets

    • Target

      da003dd0cf255aac9702a043fe3ec1d0N.exe

    • Detect Neshta payload

    • Neshta

      Malware from the Neshta family is designed to inject itself into other files in order to spread and cause damage.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies system executable filetype association

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar data.
