General

  • Target

    562ba6aa02e08bc79144062b7945a6d24c64804be3bafc03a98f9409f5843a0cN.exe

  • Size

    605KB

  • Sample

    241123-qq82jssjgp

  • MD5

    9fff7f8a4111c86f0c82df1c79fe5fa0

  • SHA1

    29db1c7f77242da9738f218763a216b1505c2c7f

  • SHA256

    562ba6aa02e08bc79144062b7945a6d24c64804be3bafc03a98f9409f5843a0c

  • SHA512

    29d0527b599d532d63a768efb7007b5666c3a51d12b177872856ab5db03b74cabf846f1de576958d549145924b94f8bc09932d11a57912bf82960dbc7902c0cd

  • SSDEEP

    6144:k94jBoxq+i93njWjK9AerZhLCbawUBiiRZoAu+5cKjJkohRMYdik9QaYG4y:JjBoxq+Ej32iLC9AzEAuRgJko4AV4y

Targets

    • Target

      562ba6aa02e08bc79144062b7945a6d24c64804be3bafc03a98f9409f5843a0cN.exe

    • Detect Neshta payload

    • Neshta

      Malware from the Neshta family infects other files in order to spread and cause damage.

    • Neshta family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies system executable filetype association

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials.
