General

  • Target

    98fb7808bd50d136c90e6f4e0ecaa76244f2c9958f84fba64ff3d801133fa43c

  • Size

    150KB

  • Sample

    241207-bazqlsxkdx

  • MD5

    32f359a354382e547458d2e22b49e736

  • SHA1

    ee37cb6d361467d2831cc893c6a8488a35998537

  • SHA256

    98fb7808bd50d136c90e6f4e0ecaa76244f2c9958f84fba64ff3d801133fa43c

  • SHA512

    e887ebea2b3fa05191586dd454f0b319a0c8c4989919b50252b17e2bb65512c93d9e731d3c6aaf2c1b9884ca5ae6f78647662f067612bc403e8542f1d7cdcd5c

  • SSDEEP

    3072:sr85CNYC16JxUN5PhGgYqqkQFWzKVzMezr85C:k9NYA5PhGPqCFWzKVzMeP9

Targets

    • Detect Neshta payload

    • Neshta

      Malware from the Neshta family infects other executable files in order to spread and cause damage.

    • Neshta family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies system executable filetype association

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.
