General

  • Target

    9b165f6672e74ed5dc437040829bd602afc411ce8c948c41b6d739bf1fbfb09a.exe

  • Size

    2.2MB

  • Sample

    241122-db6xesypgj

  • MD5

    b01a11449dd83a10497833b23fb0887d

  • SHA1

    8f5276ee02a5b4b23cb7e9d500dd0df71382e211

  • SHA256

    9b165f6672e74ed5dc437040829bd602afc411ce8c948c41b6d739bf1fbfb09a

  • SHA512

    cf3634a8253c439d54233162db10b9668f080e184e4e1b52aae60db303e89d2ca9fead16097937a871d54685592b1b58e389d481b94f6c261d5caec98223ec81

  • SSDEEP

    24576:ZFbkIsaPiXSVnC7Yp9zkNmZG8RRlnZyz/Iila8CJn0BgtscdTtOOa9pfthIDdsRQ:ZREXSVMDi350aFJqciOa925sRtMZ

Malware Config

Targets

    • Target

      9b165f6672e74ed5dc437040829bd602afc411ce8c948c41b6d739bf1fbfb09a.exe

    • Size

      2.2MB

    • MD5

      b01a11449dd83a10497833b23fb0887d

    • SHA1

      8f5276ee02a5b4b23cb7e9d500dd0df71382e211

    • SHA256

      9b165f6672e74ed5dc437040829bd602afc411ce8c948c41b6d739bf1fbfb09a

    • SHA512

      cf3634a8253c439d54233162db10b9668f080e184e4e1b52aae60db303e89d2ca9fead16097937a871d54685592b1b58e389d481b94f6c261d5caec98223ec81

    • SSDEEP

      24576:ZFbkIsaPiXSVnC7Yp9zkNmZG8RRlnZyz/Iila8CJn0BgtscdTtOOa9pfthIDdsRQ:ZREXSVMDi350aFJqciOa925sRtMZ

    • Detect Neshta payload

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

    • Gh0strat family

    • Neshta

      Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.

    • Neshta family

    • Server Software Component: Terminal Services DLL

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies system executable filetype association

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks