General

  • Target

    0f1d4240a36c15367fc4a441288149d683f43eb05b1c2a60f642a4313296b225

  • Size

    964KB

  • Sample

    241216-ydvbmazkem

  • MD5

    eac340816ae9932197fd6cc6da59224e

  • SHA1

    b1fd62359bbff474196f431ef8f594d40b6fc558

  • SHA256

    0f1d4240a36c15367fc4a441288149d683f43eb05b1c2a60f642a4313296b225

  • SHA512

    2815b6eec7042de4833bd932b9a50e59b02df718df286bec65bb26c775555f7961027a93f683593829e74c727e19ec7cd8a0980062d3eabed4b251ed35c6ab49

  • SSDEEP

    24576:8PgKGIBRRgkCSRFjLXmPCuqg4z+zAornj:hKGPkfRRVe4C7

Malware Config

Targets

    • Target

      0f1d4240a36c15367fc4a441288149d683f43eb05b1c2a60f642a4313296b225

    • Size

      964KB

    • MD5

      eac340816ae9932197fd6cc6da59224e

    • SHA1

      b1fd62359bbff474196f431ef8f594d40b6fc558

    • SHA256

      0f1d4240a36c15367fc4a441288149d683f43eb05b1c2a60f642a4313296b225

    • SHA512

      2815b6eec7042de4833bd932b9a50e59b02df718df286bec65bb26c775555f7961027a93f683593829e74c727e19ec7cd8a0980062d3eabed4b251ed35c6ab49

    • SSDEEP

      24576:8PgKGIBRRgkCSRFjLXmPCuqg4z+zAornj:hKGPkfRRVe4C7

    • Detect Neshta payload

    • Neshta

      Malware from the Neshta family injects itself into other executable files in order to spread and cause damage.

    • Neshta family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies system executable filetype association

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

MITRE ATT&CK Enterprise v15

Tasks