General

  • Target

    a9ad6fd1de69c9a48c4a06cf6bd2077992cad448d746e167f420acc3af63e697N.exe

  • Size

    1.8MB

  • Sample

    241125-zwpdrswmfx

  • MD5

    3b5e98470608e157e0772fa03b636820

  • SHA1

    149a599aa12e5a001492805d50b9ba3c0c634f83

  • SHA256

    a9ad6fd1de69c9a48c4a06cf6bd2077992cad448d746e167f420acc3af63e697

  • SHA512

    26c0964165990692249a031c3496f2df4c156c037136c78434c4a9735245b166435bd2da44dc6d8b141e88e6daf1ec43cedfc71a20e777f214257f23092cbfbb

  • SSDEEP

    49152:W2wSTYv4g8PqxdSi7ybuzEnWjWMwH1aIyJ:x5TYv4g8Pqx4i7yNsWMwH1GJ

Malware Config

Targets

    • Target

      a9ad6fd1de69c9a48c4a06cf6bd2077992cad448d746e167f420acc3af63e697N.exe

    • Detect Neshta payload

    • Neshta

      Malware from the Neshta family is designed to inject itself into other files in order to spread and cause damage.

    • Neshta family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies system executable filetype association

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar data.

MITRE ATT&CK Enterprise v15

Tasks