General
-
Target
c61907f4c5a9d7cc0dd47020aa7ddeab5cff40cf37f066c3f5ab7c3ef9b5e64f.exe
-
Size
909KB
-
Sample
241204-h8cr3axnbz
-
MD5
ab97179150a3bf7ed20db8d63f2cbc5c
-
SHA1
635b74b51cc13bbb40dc58b24fe1f86353dc2340
-
SHA256
c61907f4c5a9d7cc0dd47020aa7ddeab5cff40cf37f066c3f5ab7c3ef9b5e64f
-
SHA512
df977e12e6f5bccd52f59ed849f7fe5a350b1ca7259497abe5b8794880f725433d17dc5ced64e952b61758f54bd9aa6657f1976e771f1b010a3b70730fd0313c
-
SSDEEP
24576:X6RUW+a1GDFcvn1w8B+K6EvxL91BoQ9uZUR+zZdmbh:KEa1Gs1nB+yvxLpV9u1O
Behavioral task
behavioral1
Sample
c61907f4c5a9d7cc0dd47020aa7ddeab5cff40cf37f066c3f5ab7c3ef9b5e64f.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
c61907f4c5a9d7cc0dd47020aa7ddeab5cff40cf37f066c3f5ab7c3ef9b5e64f.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
Target
c61907f4c5a9d7cc0dd47020aa7ddeab5cff40cf37f066c3f5ab7c3ef9b5e64f.exe
Score
10/10
-
Detect Neshta payload
-
Neshta
Malware from the Neshta family is designed to infect other files in order to spread itself and cause damage.
-
Neshta family
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies system executable filetype association
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-