General

  • Target

    61469bc9a1f5ec581a481817f4a701c4743c6bccd4d180f7fd5c14153986a2cfN.exe

  • Size

    7.2MB

  • Sample

    241207-dwdrdatkdx

  • MD5

    05442d4ae12dcdbe66842668eff47790

  • SHA1

    7325d4e70648f103bea78c6005c54087389925c3

  • SHA256

    61469bc9a1f5ec581a481817f4a701c4743c6bccd4d180f7fd5c14153986a2cf

  • SHA512

    7a9798a395c1ea133ec15ea2d09f9f3527083f5ced4be7b21db1d170a86f06fed282e4b189eb74d93a564f29e36b6178f969f000d7472fe40718d976b850e742

  • SSDEEP

    196608:Ye4cH6mibEdWLfvnEQFwbBEPbaJzQX1zt9y8T7wUbGLa7/c:mcHM4MDEkOBEPwzc1z9TZ/c

Targets

    • Detect Neshta payload

    • Neshta

      Malware from the Neshta family is designed to infect other files in order to spread itself and cause damage.

    • Neshta family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies system executable filetype association

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, etc.

    • Drops file in System32 directory
