General

  • Target

    dd8e7f680116afcccaa00c8cc896f7c88a0868f243cb336d867629ae2efc4b95N.exe

  • Size

    8.0MB

  • Sample

    241118-q2hzhaxfjh

  • MD5

    522c36c342a2ead024c63b2ad4af7750

  • SHA1

    9b41ce535eb7efb20a808e017b0f82d223656e51

  • SHA256

    dd8e7f680116afcccaa00c8cc896f7c88a0868f243cb336d867629ae2efc4b95

  • SHA512

    b67a86340fa3d74fa616e0f563b7bc500a6fcaa9cbc443bddebc1332355f0b9d2de771a9a46388a7472f3a1cd190307305745d15323a8fbdff9ad316ac3fef00

  • SSDEEP

    196608:XbEGIvoTLRugGP9N2WDxovI1QBujVv13n:gGT9O9NL2giBujR1X

Targets

    • Detect Neshta payload

    • Neshta

      Malware from the Neshta family infects other executable files with copies of itself in order to spread and cause damage.

    • Neshta family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies system executable filetype association

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Unexpected DNS network traffic destination

      Traffic on the DNS port to servers other than the configured DNS servers was detected.

    • UPX packed file

      Detects executables packed with UPX or a modified build of the UPX open-source packer.
