General

  • Target

    dd02f1ac86e4d2a98712ac5e5d35b2cbe8fa6f761ce773966ea848c42a1efcd0N.exe

  • Size

    537KB

  • Sample

    241217-2awbas1qaj

  • MD5

    253bfa2c894ab8cc1ab44d768429a850

  • SHA1

    0766ba7c58b9d856d2ce06f9604473f6cab14a8f

  • SHA256

    dd02f1ac86e4d2a98712ac5e5d35b2cbe8fa6f761ce773966ea848c42a1efcd0

  • SHA512

    c96f64a7faafd82c74b053ff285cbfbd2a3de71c62a1060858d95329ed93d6606daff4c8f24c4aa4a3135ffcd0404829b2d6a6e9b0f4a7f2e32ff8d5a0091882

  • SSDEEP

    12288:m12oDPintVOw0BI/1roSeT4T6XgxSTbjZkQlf/U6MRMP6s3+J3QlnioJbKXs7gG6:mIePitVOw0lT4T6OSTbjZkQlf/U6MRMQ

Malware Config

Targets

    • Detect Neshta payload

    • Neshta

      Malware from the Neshta family is designed to infect other files in order to spread itself and cause damage.

    • Neshta family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies system executable filetype association

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

MITRE ATT&CK Enterprise v15

Tasks