General
-
Target
220ff89fed50b8591ec378094ec6a08f09372674b70b0f774f2bc50ee76d7281
-
Size
6.6MB
-
Sample
241018-yb12dsvbqd
-
MD5
82b15f6b51dd0546aab7ca21b6deda65
-
SHA1
7ec4fece518779064e76c35e4175216ca0895836
-
SHA256
220ff89fed50b8591ec378094ec6a08f09372674b70b0f774f2bc50ee76d7281
-
SHA512
062b03e5d2a5bf57a6723003142e8bde11a8f7bcd6c062669d917ee35f5657fde06121ecdccfba31ce47ba55c32ba1f86a5bdc7a93756971e4e9c82ec68ddc3d
-
SSDEEP
98304:ThD+qZ3YOE+WOSkwXsvE0+DwQkiXCURv5jrm:1D+qZ3YrDwBSjDrm
Static task
static1
Behavioral task
behavioral1
Sample
220ff89fed50b8591ec378094ec6a08f09372674b70b0f774f2bc50ee76d7281.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
220ff89fed50b8591ec378094ec6a08f09372674b70b0f774f2bc50ee76d7281.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
220ff89fed50b8591ec378094ec6a08f09372674b70b0f774f2bc50ee76d7281
-
Score
10/10
-
Neshta
Malware from the Neshta family is designed to infect other files in order to spread and cause damage.
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies system executable filetype association
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores: 1
Credentials from Web Browsers: 1
Unsecured Credentials: 1
Credentials In Files: 1