General
Target: Curd.exe
Size: 7.5MB
Sample: 241110-eby29asjhr
MD5: b536faca77dc94cb96eda5d45bdc4afa
SHA1: 01e75c013c5b77597d58cf20365812c01ce73eaa
SHA256: b406c1acec618c85ce1990fb931342aff9c5173b862b4a828b61cb89c24aa0c3
SHA512: d70ca52c1b42ebcf2c59c6abe3b49be91c7915751640a31810af6f2990e0e729de51901a89cf9fa69324cf8e02f84c2dcf049213bfa17179e7811b8ffe8dca47
SSDEEP: 98304:nteYgI6OshoKyDvuIYc5AhV+gEc4kZvRLoI0EJfNA3z5UTbDv9JTSPhlVtQo1fO:nIYmOshoKMuIkhVastRL5Di3tK/SPJO
Behavioral task: behavioral1
Sample: Curd.exe
Resource: win7-20240903-en
Malware Config
Targets
Target: Curd.exe (7.5MB; same file and hashes as listed under General)
- Detect Neshta payload
- Neshta: malware from the Neshta family infects other executable files in order to spread itself and cause damage.
- Neshta family
- Checks computer location settings: looks up the country code configured in the registry, likely used as a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Modifies system executable filetype association
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP address.
- Enumerates processes with tasklist
MITRE ATT&CK Enterprise v15
Credential Access:
- Credentials from Password Stores (1)
- Credentials from Web Browsers (1)
- Unsecured Credentials (1)
- Credentials In Files (1)