General

  • Target

    b0b37f982064c0d501d2769cc601a6c7c962e90f87ea8c7f06d6a66e109a4145N.exe

  • Size

    161KB

  • Sample

    241211-s4rqjatkcr

  • MD5

    a363a7020b0fa43af8b73f4eea26c7d0

  • SHA1

    fae3684a4afa2bb58866e72ef5682dcf202cdf66

  • SHA256

    b0b37f982064c0d501d2769cc601a6c7c962e90f87ea8c7f06d6a66e109a4145

  • SHA512

    4542f9c31768cfc54bc7ef7cc079faf104d969ad3a9dc06d4a3079d014c9bd67df0894841ae9549e75702fbb8b9e54873430c359e3e1cfbcec45c16765e1c25a

  • SSDEEP

    1536:JxqjQ+P04wsmJCRQh4tE3kgmhTXAEpXEgmghi2MhPPMpuFsj3YOr:sr85CAmEUgcTXAEpUgy1hPPsuFsTYQ

Targets

    • Target

      b0b37f982064c0d501d2769cc601a6c7c962e90f87ea8c7f06d6a66e109a4145N.exe

    • Detect Neshta payload

    • Neshta

      Malware from the Neshta family infects other executable files in order to spread and cause damage.

    • Neshta family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies system executable filetype association

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.
