General
-
Target
73e8e9f90503b0006928f55250b6b57b761c0c64ee92e93d18ae43307383c038N
-
Size
313KB
-
Sample
241028-x4es7atjfy
-
MD5
8be423c51b713a3f5ffaba82318cdea0
-
SHA1
1d6a17cde22086e1618bcc6b8e97bdd44c56de93
-
SHA256
73e8e9f90503b0006928f55250b6b57b761c0c64ee92e93d18ae43307383c038
-
SHA512
a24d617386466e8a7df4905076dea69a9181d2a4493ca34bf9eea40b2251865ab09e1d5dc36c882e08774f49776ddfb458f4f3b3ba7d63c117ef39877f57e244
-
SSDEEP
6144:k9w6CHQfzgeC32Uaq2t0EyL+2iaBAO94ruMQd:IzHoRK2ZyiM8
Behavioral task
behavioral1
Sample
73e8e9f90503b0006928f55250b6b57b761c0c64ee92e93d18ae43307383c038N.exe
Resource
win11-20241007-en
Malware Config
Targets
-
-
Target
73e8e9f90503b0006928f55250b6b57b761c0c64ee92e93d18ae43307383c038N
-
Detect Neshta payload
-
Neshta
Malware from the Neshta family is designed to infect other files in order to spread itself and cause damage.
-
Neshta family
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies system executable filetype association
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Modify Registry (2)
Subvert Trust Controls (2)
Install Root Certificate (1)
SIP and Trust Provider Hijacking (1)
Credential Access
Credentials from Password Stores (1)
Credentials from Web Browsers (1)
Unsecured Credentials (1)
Credentials In Files (1)