General

  • Target

    00c31d35ecc61338b3b86cfa954414e9dc8d83cba666d05db9411985dfa246a4N.exe

  • Size

    975KB

  • Sample

    241216-p5ntgs1rcp

  • MD5

    f17d17f28cc6693596e76b41d4369860

  • SHA1

    ff879e8bdf1e1810f3953997dfc9932ce1be69cf

  • SHA256

    00c31d35ecc61338b3b86cfa954414e9dc8d83cba666d05db9411985dfa246a4

  • SHA512

    027a52fb7c8c303dd2e01d2bdd6e4cf813bee9c3f52bad2bfeabc64e7214b3e09884f353a78b2ae0705e196cd726558508ef28e2a141a85f794a43e486b694d7

  • SSDEEP

    24576:k3+eWsN3skA4RV1Hom2KXMmHa0Yz9UObo5TAHnx:k3+ZkldoPK8YaLZUOiex

Malware Config

Targets

    • Detect Neshta payload

    • Neshta

      Malware from the Neshta family infects other executable files in order to spread and cause damage.

    • Neshta family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies system executable filetype association

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

MITRE ATT&CK Enterprise v15

Tasks