General

  • Target

    be6c8b92ebbc4d4e7625879e52f8bb2526a90811f4c3672d01c2f3b100949d98N

  • Size

    1.7MB

  • Sample

    241027-n39shaxcnc

  • MD5

    b2fd21afc38e5bcda5ddb2f67a047e40

  • SHA1

    10610afd5b236302c2eb3111bf48ce741b6eb20d

  • SHA256

    be6c8b92ebbc4d4e7625879e52f8bb2526a90811f4c3672d01c2f3b100949d98

  • SHA512

    6a454691ef0d831de1b673ba80b8f659f772a5845fed5d6b1d0f72a156d7de8c6a30417f0b733c2561230d791c588401701d1653bc51f101ba26a75a2ad85398

  • SSDEEP

    49152:SHUaSDfdjvOCc09pTkrz+5IYQ6pqukSKa:SHUhdvOCcwtkfIJQoaSP

Targets

    • Detect Neshta payload

    • Neshta

      Malware from the Neshta family is designed to infect other files in order to spread and cause damage.

    • Neshta family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies system executable filetype association

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.
