General
-
Target
b98493ed0bf452a82c15e48cf17a915f009fb9e630edd167d5f7c8b8605f8a4fN
-
Size
350KB
-
Sample
241011-pkbcnasame
-
MD5
981e8aebdde820b4a31f3f2bc46664e0
-
SHA1
83570359d2d82cd138b2f5bebeb20c171eb6d047
-
SHA256
b98493ed0bf452a82c15e48cf17a915f009fb9e630edd167d5f7c8b8605f8a4f
-
SHA512
eecb25fba0e6b5c546560558cb84464f8e6990ab717f4aa0ad11cfeffa3150b043b143bb48d1aada87b4a410612cc23e9bca97a355679167c803944e6f604808
-
SSDEEP
3072:sr85CJ0qmb9sfK34RN6JA37mXKjK6nSzFlzbI41MtTDO7oBgNklkMAkhkKiicIQc:k96dsfAIZpj5Y/I41Paqd8YSB
Malware Config
Targets
-
-
Target
b98493ed0bf452a82c15e48cf17a915f009fb9e630edd167d5f7c8b8605f8a4fN
-
Size
350KB
-
MD5
981e8aebdde820b4a31f3f2bc46664e0
-
SHA1
83570359d2d82cd138b2f5bebeb20c171eb6d047
-
SHA256
b98493ed0bf452a82c15e48cf17a915f009fb9e630edd167d5f7c8b8605f8a4f
-
SHA512
eecb25fba0e6b5c546560558cb84464f8e6990ab717f4aa0ad11cfeffa3150b043b143bb48d1aada87b4a410612cc23e9bca97a355679167c803944e6f604808
-
SSDEEP
3072:sr85CJ0qmb9sfK34RN6JA37mXKjK6nSzFlzbI41MtTDO7oBgNklkMAkhkKiicIQc:k96dsfAIZpj5Y/I41Paqd8YSB
Score10/10-
Detect Neshta payload
-
Neshta
Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies file permissions
-
Modifies system executable filetype association
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
File and Directory Permissions Modification: Windows File and Directory Permissions Modification
-
MITRE ATT&CK Enterprise v15
Defense Evasion
File and Directory Permissions Modification
2Windows File and Directory Permissions Modification
1Modify Registry
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1