General

  • Target

    fea19be56706d18881f60cb8ea3411bf696d1ecf58fb1c1c4746c0db60d38a4d

  • Size

    715KB

  • Sample

    241025-jw468axbpe

  • MD5

    0430de07aa9b4a4b1c4aa79e9ef75678

  • SHA1

    9fa8b27f795673a99ab78cc4cb805693b14116f8

  • SHA256

    fea19be56706d18881f60cb8ea3411bf696d1ecf58fb1c1c4746c0db60d38a4d

  • SHA512

    36d72352a02d685c1f60728a3a4a748af7d93a4b0f93328ff326ff670b511d287050f80f2229d82824a99295e6235f6e8098618635308e93537bf9812a1cf9d6

  • SSDEEP

    12288:jUNDaKUNDa8/J+CtaxnjZpAbxdxDcWcnR4bfXfwiSeiw8xHgbYpj58NO0qwxeWf0:jOaKOaAel3+s0DvfeUYqcZQCGm4YfaQ

Targets

    • Detect Neshta payload

    • Modifies visibility of hidden/system files in Explorer

    • Neshta

      Malware from the Neshta family infects other executable files in order to spread itself and cause damage.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies system executable filetype association

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Adds Run key to start application

    • Drops file in System32 directory
