General

  • Target

    2870831e100167a2c303dd90b3cebdc1ae2f29fc4080a0f256a601200c38a419N.exe

  • Size

    235KB

  • Sample

    241207-k9wmnswlcz

  • MD5

    257ceab6abd6935977fd5e3d3742a690

  • SHA1

    c76dce5ddb71a174067f9f38459718e4bd217f9f

  • SHA256

    2870831e100167a2c303dd90b3cebdc1ae2f29fc4080a0f256a601200c38a419

  • SHA512

    59fa6c7180c575aaa944b9dd6b93f143986315116ece21419362867313aa86bfdbc34ba4623db8d9af4cdeba8925b1426833b806a3577a3c10264caca69cb222

  • SSDEEP

    6144:k98KE2kKh+0nc0y3CzweIITx+1a/Xt4nqREgc:XKE2kKhj8CzhImx+1gXt4nqREgc

Targets

    • Target

      2870831e100167a2c303dd90b3cebdc1ae2f29fc4080a0f256a601200c38a419N.exe

    • Detect Neshta payload

    • Neshta

      Malware from the Neshta family is designed to inject itself into other files in order to spread and cause damage.

    • Neshta family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies system executable filetype association

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.
