General

  • Target

    71796edff5c3363d6ed4fb9ef8ffa006e396e9ad21d32afdc2d88b0010d3314cN.exe

  • Size

    6.1MB

  • Sample

    241207-x86sgazke1

  • MD5

    07432c5f305ac35c5f81e616901391e0

  • SHA1

    709f26c8a11cdfd44f76db112078bafbd4b4cd67

  • SHA256

    71796edff5c3363d6ed4fb9ef8ffa006e396e9ad21d32afdc2d88b0010d3314c

  • SHA512

    537fde84d92cadf87e02111e55368bd9b20afc59f2ddbee7f3030b31d29befe942cd798f75606e120958e5484a48a62bcd37418ac11ee69f6663beb26b54d666

  • SSDEEP

    49152:6o1Su8RAF7b9L4C/aDLYuWWKiVZ9vC+L57LYiNhB9PcM3dCU5vq/zhEe1okoqJKd:YCizfh9hQlLokoqlWOjrM

Targets

    • Detect Neshta payload

    • Neshta

      Malware from the Neshta family is designed to infect other files in order to spread itself and cause damage.

    • Neshta family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies system executable filetype association

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar information.
