General

  • Target

    5f64f281cdbbef1f3f0450eb752bbf2396db60a5991775741b9f42ce6662ba20

  • Size

    88KB

  • Sample

    241216-2t4rsasnbt

  • MD5

    ba308cc7552304016fbc28e0d5d84549

  • SHA1

    5846d7e004e9b0385f37a048dc4b8d0833ff8ffb

  • SHA256

    5f64f281cdbbef1f3f0450eb752bbf2396db60a5991775741b9f42ce6662ba20

  • SHA512

    32877c301e0cea3107cb1c816630d5611b725a2753f4ba8635f46345d808593460197e81e84419bdf7509c00415da0e2782db856ec2951b821d900155b3a6828

  • SSDEEP

    1536:JxqjQ+P04wsmJCSROoLm8BM6vT2up8sPKe:sr85CSROobO6r2+8sPKe

Targets

    • Detect Neshta payload

    • Neshta

      Malware from the Neshta family is designed to inject itself into other files in order to spread and cause damage.

    • Neshta family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies system executable filetype association

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials.
