General

  • Target

    12d4e66a4298c003bd266b22c1e6a3878972ca678fd0ef404e1a1b115d6c7030N.exe

  • Size

    1.3MB

  • Sample

    241206-y7jrzs1rhp

  • MD5

    b9a4f271af9f1486241b1d1977ec0670

  • SHA1

    0b87e60d2f871b20750d7b98b0551ee66186b2fb

  • SHA256

    12d4e66a4298c003bd266b22c1e6a3878972ca678fd0ef404e1a1b115d6c7030

  • SHA512

    991cd569cb0de467f09d76877174af63f6b9f5c46faca5f3719a9a16ecea2bf650a562860f70c25d2404edb63dc9ea9192ee22c3894f98ff79e5b831fbb27025

  • SSDEEP

    24576:tr/0ox0HyFZi6tVNpXrXjHgaAWm3U8ufe4N8zZF+HgM1S9emr:tr/506ZNjNtrXjD8E8uWSAkED

Malware Config

Targets

    • Target

      12d4e66a4298c003bd266b22c1e6a3878972ca678fd0ef404e1a1b115d6c7030N.exe

    • Detect Neshta payload

    • Neshta

      Malware from the Neshta family infects other executable files in order to spread itself and cause damage.

    • Neshta family

    • Event Triggered Execution: Image File Execution Options Injection

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies system executable filetype association

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Indicator Removal: Clear Persistence

      Removes Image File Execution Options (IFEO) entries.

MITRE ATT&CK Enterprise v15

Tasks