General

  • Target

    fa797cda917c6d1c2db14fce74c56efe4bcc42580c3b97547704d5470cd28724

  • Size

    100KB

  • Sample

    241208-fen7wstlcz

  • MD5

    6ff3b8546753674dd9e140211f8957dc

  • SHA1

    8e1467c7bf0b5e48e535e159324c2f8b8a178e95

  • SHA256

    fa797cda917c6d1c2db14fce74c56efe4bcc42580c3b97547704d5470cd28724

  • SHA512

    1932d445015dfe9092e3a2727c1d0ecd466fb181ebd5d14509740c231a3ef502a915ded66988a4aceb0bc4738fae41579b2e400fba19ba34ae62d494b15514d9

  • SSDEEP

    1536:JxqjQ+P04wsmJCtE6NZroEpFR0lZZ1qtjA93njSIp6QNP9rYzzFEPI:sr85CtproEpUlZK+6glrYNh

Targets

    • Detect Neshta payload

    • Neshta

      Neshta is a file infector: it inserts its own code into other executable files on the host so that it spreads whenever those files are run, and it damages the programs it modifies in the process.

    • Neshta family

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence check that decides whether the payload runs on this host.

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies system executable filetype association

    • Reads user/profile data of web browsers

      Infostealers commonly harvest browser profile data, which can include saved credentials, cookies and session tokens, and form autofill data.
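The two findings above that an analyst can confirm directly on a host are the file-hash IOCs and the hijacked .exe file association. The script below is an added example written for this page; it is not part of the sandbox report and the sample is not distributed with it. It copies the report's four digests, walks a directory to find any file matching them, and compares the live value of HKEY_CLASSES_ROOT\exefile\shell\open\command against the stock Windows value `"%1" %*` (a known default, not something taken from the report). The hijacked registry value used for illustration and the `C:\evil.exe` path are constructed; nothing on the page names the path Neshta actually inserts.

```python
"""Host triage helpers for the Neshta report above (added example, not part of
the sandbox report). IOC hashes are copied from the report; the hijacked
association value used in comments is constructed for illustration."""
import hashlib
import os
import sys

# File-hash IOCs copied from the report's General section.
IOC_HASHES = {
    "md5": "6ff3b8546753674dd9e140211f8957dc",
    "sha1": "8e1467c7bf0b5e48e535e159324c2f8b8a178e95",
    "sha256": "fa797cda917c6d1c2db14fce74c56efe4bcc42580c3b97547704d5470cd28724",
    "sha512": "1932d445015dfe9092e3a2727c1d0ecd466fb181ebd5d14509740c231a3ef502a"
              "915ded66988a4aceb0bc4738fae41579b2e400fba19ba34ae62d494b15514d9",
}

# Stock Windows value of HKEY_CLASSES_ROOT\exefile\shell\open\command.
# A file infector that hijacks the .exe association prepends its own path
# (constructed example: 'C:\evil.exe "%1" %*') so it runs before every
# launched program and %1 still points at the program the user wanted.
DEFAULT_EXEFILE_COMMAND = '"%1" %*'


def hash_bytes(data: bytes) -> dict:
    """Compute every digest the report lists for one blob of file content."""
    return {name: hashlib.new(name, data).hexdigest() for name in IOC_HASHES}


def matches_ioc(data: bytes) -> list:
    """Return the names of the digests that match the report's sample."""
    digests = hash_bytes(data)
    return [name for name, value in digests.items() if value == IOC_HASHES[name]]


def exefile_command_is_default(value: str) -> bool:
    """True when the .exe association is the untouched stock value.
    Whitespace is normalised so a trailing space alone is not a finding."""
    return value.strip() == DEFAULT_EXEFILE_COMMAND


def scan_tree(root: str) -> list:
    """Walk a directory and return paths whose content matches any report hash."""
    hits = []
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    data = fh.read()
            except OSError:
                continue  # unreadable or vanished file; keep walking
            if matches_ioc(data):
                hits.append(path)
    return hits


def read_exefile_command() -> str:
    """Read the live association on Windows; raises ImportError elsewhere."""
    import winreg  # standard library, only present on Windows
    key_path = r"exefile\shell\open\command"
    with winreg.OpenKey(winreg.HKEY_CLASSES_ROOT, key_path) as key:
        value, _ = winreg.QueryValueEx(key, "")
        return value


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for hit in scan_tree(root):
        print("IOC match:", hit)
    if sys.platform == "win32":
        cmd = read_exefile_command()
        state = "default" if exefile_command_is_default(cmd) else "MODIFIED"
        print(f".exe association is {state}: {cmd}")
```

Run it as `python triage.py C:\Users` on a suspect host. A hash match alone only proves that this exact sample is present; because Neshta infects other executables, a modified association with no hash match is still a strong finding and warrants hashing every .exe on the box against a known-good baseline.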
