General

  • Target

    b6d474a8cf2492082d480a0201373506796cf0c649c97ea17cd4aa684611c53fN.exe

  • Size

    325KB

  • Sample

    241207-zf8sgasncy

  • MD5

    8be71937e0075876af2141e160aa5120

  • SHA1

    a2505f7429e2312a9988829c9c1a830908999b3e

  • SHA256

    b6d474a8cf2492082d480a0201373506796cf0c649c97ea17cd4aa684611c53f

  • SHA512

    59c615df77cbf9647512a4b8dcdb7c10662dc23f8b564238b554568cc67af12f94aab026f2bdb06215851406828de5ad915f486ae523751f154ca8ac8972dac3

  • SSDEEP

    6144:k936YlsLeVQvmjiVg69qactBigmK2RCCGxTu:8Ae2mjiVg69cvigr8CCGxTu

Targets

    • Target

      b6d474a8cf2492082d480a0201373506796cf0c649c97ea17cd4aa684611c53fN.exe

    • Detect Neshta payload

    • Neshta

      Malware from the Neshta family is designed to inject itself into other files in order to spread and cause damage.

    • Neshta family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies system executable filetype association

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, among other things.
