General
-
Target
2024-12-06_81f8e4fd01f07f099540dc0b5fd268cc_cobalt-strike_lockergoga_luca-stealer_neshta
-
Size
757KB
-
Sample
241206-bvpq5synbn
-
MD5
81f8e4fd01f07f099540dc0b5fd268cc
-
SHA1
d3350778a4dc271ce22b1cc14a199fd3c2d1a1e9
-
SHA256
6a902037e05d6bc720c721f73385cbaec65f66b7ca326c603ecbc2ee5ec671e4
-
SHA512
fe21747f7494cbf8f87047caf77dcbf347bbf2bd3bb6fd96826a50d8dd6d3b80de7ef0996df58716dc2b6ad79ced254711d91c2aef623274e6e8c4ea68d040ad
-
SSDEEP
12288:g/t6GlISyZB+L3X2zj+oK25K8+5bLFR0/IQDNY8ml:gl6GlIFz+L3KrK2x+5VR0wKNYNl
Malware Config
Targets
-
-
Target
2024-12-06_81f8e4fd01f07f099540dc0b5fd268cc_cobalt-strike_lockergoga_luca-stealer_neshta
-
Size
757KB
-
MD5
81f8e4fd01f07f099540dc0b5fd268cc
-
SHA1
d3350778a4dc271ce22b1cc14a199fd3c2d1a1e9
-
SHA256
6a902037e05d6bc720c721f73385cbaec65f66b7ca326c603ecbc2ee5ec671e4
-
SHA512
fe21747f7494cbf8f87047caf77dcbf347bbf2bd3bb6fd96826a50d8dd6d3b80de7ef0996df58716dc2b6ad79ced254711d91c2aef623274e6e8c4ea68d040ad
-
SSDEEP
12288:g/t6GlISyZB+L3X2zj+oK25K8+5bLFR0/IQDNY8ml:gl6GlIFz+L3KrK2x+5VR0wKNYNl
Score10/10-
Detect Neshta payload
-
Neshta
Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
-
Neshta family
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies system executable filetype association
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-