General

  • Target: 6b7f6295aa92116752f3b1f6096896ae903d8d6f429c84df15abd3c95ec615bd
  • Size: 3.3MB
  • Sample: 241208-3py66swlft
  • MD5: 72ed14ef3babbdaceeb8d475bdecbafa
  • SHA1: 23477f899c2d4ddcdd139affcd6f1bca82b41ee8
  • SHA256: 6b7f6295aa92116752f3b1f6096896ae903d8d6f429c84df15abd3c95ec615bd
  • SHA512: 65b2098d24a44a9a4f67d93a2e00fa1f792dca9d91a33e011fbb635d49879118401e05780fcae6afaae905fe2835f11a48644ab8d8aeea375a9b7a7fe7e11595
  • SSDEEP: 49152:Fi9GBnXPwdNjukN9hQHbw7wN7uJJleP+vga2hTA/FFJx:OoXod/N9hy8EuJJlePaga2JA/FFJx

Malware Config

Targets

    • Detect Neshta payload

    • Neshta

      Malware from the Neshta family injects itself into other executable files in order to spread and cause damage.

    • Neshta family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies system executable filetype association

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar secrets.

MITRE ATT&CK Enterprise v15

Tasks