General

  • Target

    7b64d1b54835c47b246669104c75ff2031f28047e196fd31bf9609ae4cd78c53N.exe

  • Size

    645KB

  • Sample

    241211-kq38eavqfw

  • MD5

    a4b959543b0e803e5b7b244d8f8dad90

  • SHA1

    3c6660ac90c2ba8b17f4dc44c60d0a2d5f1a6ea1

  • SHA256

    7b64d1b54835c47b246669104c75ff2031f28047e196fd31bf9609ae4cd78c53

  • SHA512

    aad9dc90a6e4a3b37a6e70225d854493a5fbeef37a78e08622cc0aaa079a89d4be6266e749aefc28ffc7d617d5c5e4d96aed0e4fb9d7e48f61da026a4d977162

  • SSDEEP

    12288:BPNyDPCwn3/oSwpjnVWqqPIBONhxsUbPqYy2wa:LTwgSww/xsUbPO2B

Malware Config

Targets

    • Target

      7b64d1b54835c47b246669104c75ff2031f28047e196fd31bf9609ae4cd78c53N.exe

    • Size

      645KB

    • MD5

      a4b959543b0e803e5b7b244d8f8dad90

    • SHA1

      3c6660ac90c2ba8b17f4dc44c60d0a2d5f1a6ea1

    • SHA256

      7b64d1b54835c47b246669104c75ff2031f28047e196fd31bf9609ae4cd78c53

    • SHA512

      aad9dc90a6e4a3b37a6e70225d854493a5fbeef37a78e08622cc0aaa079a89d4be6266e749aefc28ffc7d617d5c5e4d96aed0e4fb9d7e48f61da026a4d977162

    • SSDEEP

      12288:BPNyDPCwn3/oSwpjnVWqqPIBONhxsUbPqYy2wa:LTwgSww/xsUbPO2B

    • Detect Neshta payload

    • Neshta

      Neshta is a file-infecting virus: it writes a copy of itself into other executable files in order to spread, damaging the host programs in the process.

    • Neshta family

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely to geofence execution to or away from particular regions.

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies system executable filetype association

    • Reads user/profile data of web browsers

      Infostealers commonly target stored browser data, which can include saved credentials, cookies and other sensitive information.

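The "Modifies system executable filetype association" signature above is the one a responder will want to verify on a suspect host. The association lives under HKCR\exefile\shell\open\command (assumed here; the report does not name the key), and on a clean system its default value is simply "%1" %*, so any program placed before the "%1" placeholder runs every time any .exe is launched. The following script is an added example written for this page, not code from the report or from the sandbox; the registry values it checks are constructed samples, and the C:\Windows\svchost.com path is an illustrative loader location, not a value taken from this analysis.

```python
import re
import sys
from typing import Optional

# Clean default of HKCR\exefile\shell\open\command: run the target with its arguments.
CLEAN_EXEFILE_COMMAND = '"%1" %*'

# Constructed sample values (not read from the sandbox report): one clean value and
# two shapes of a hijacked association where a dropped program is interposed so that
# it runs before the real executable on every .exe launch.
SAMPLE_VALUES = {
    "clean": '"%1" %*',
    "hijacked_loader": r'C:\Windows\svchost.com "%1" %*',      # illustrative path
    "hijacked_unquoted": r'C:\Users\Public\update.exe %1 %*',   # illustrative path
}


def is_exefile_association_hijacked(command: str) -> bool:
    """Return True unless the value is exactly the clean default (whitespace-normalised).

    Treating anything else as suspicious is deliberately conservative: a legitimate
    value never needs to place a program in front of the "%1" placeholder.
    """
    normalised = " ".join(command.strip().split())
    return normalised != CLEAN_EXEFILE_COMMAND


def interposed_program(command: str) -> Optional[str]:
    """Return the program path that runs before "%1", or None if nothing is interposed.

    Handles both a quoted path ("C:\\Program Files\\x.exe" "%1" %*) and an unquoted
    one (C:\\x.exe %1 %*); the placeholder itself may or may not be quoted.
    """
    m = re.match(r'^\s*("?)(.*?)\1\s+"?%1"?', command)
    if m and m.group(2):
        return m.group(2)
    return None


def read_live_exefile_command() -> Optional[str]:
    """Read the live association on Windows; return None on other platforms."""
    if sys.platform != "win32":
        return None
    import winreg  # only importable on Windows
    with winreg.OpenKey(winreg.HKEY_CLASSES_ROOT, r"exefile\shell\open\command") as key:
        value, _ = winreg.QueryValueEx(key, "")  # "" selects the (Default) value
        return value


def assess(command: str) -> dict:
    """Summarise one association value for a triage note."""
    return {
        "value": command,
        "hijacked": is_exefile_association_hijacked(command),
        "interposed_program": interposed_program(command),
    }


if __name__ == "__main__":
    live = read_live_exefile_command()
    if live is not None:
        print("live:", assess(live))
    else:
        # Off-Windows: demonstrate on the constructed samples instead.
        for name, value in SAMPLE_VALUES.items():
            print(name, assess(value))
```

On a Windows host the script reads the real value; elsewhere it runs over the constructed samples so the parsing logic can be exercised offline. If interposed_program() returns a path, that file is the next artifact to collect and hash, since it executes ahead of every program launched through the association.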
MITRE ATT&CK Enterprise v15

Tasks