General

  • Target

    aea3e03d13908f4970f61c37fe663177b405d5dca5a694d9f62aba0b4f7ce964

  • Size

    1.0MB

  • Sample

    241217-cev4nawrdz

  • MD5

    63cdaefd6c2747413b7c141ae2122220

  • SHA1

    e5b9c8b9ac007c45586857b07e9f8d925781b4e0

  • SHA256

    aea3e03d13908f4970f61c37fe663177b405d5dca5a694d9f62aba0b4f7ce964

  • SHA512

    3a4dd0f19a307f9bbab60194ed9ec8e129f6029b6e84ced919ea1608255946739eee11c7a23f10d18083e80610a0b880b9b95af9a4b4b4e56a4e44d78f781b3a

  • SSDEEP

    12288:Xagb4Ct/piAUQd0v6z/9CJmgXUGCqYXK8lEihAx0jel5+nRobwLVDC:Kgbvt5UQdjz/9C1QKWDAqNVDC
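Before acting on a report like this one, re-verify the file in hand against the identifiers listed above. The following is an added example, not code from the sandbox: it streams the file through MD5, SHA1, SHA256 and SHA512 in one pass (the sample is about 1 MB, so reading it in chunks keeps memory flat for larger files too) and reports which of the expected digests match. The expected values are the report's; SSDEEP is not covered because fuzzy hashing is not in the Python standard library.

```python
import hashlib
from typing import Dict

# Digests taken from the General section of the report above.
REPORTED_HASHES: Dict[str, str] = {
    "md5": "63cdaefd6c2747413b7c141ae2122220",
    "sha1": "e5b9c8b9ac007c45586857b07e9f8d925781b4e0",
    "sha256": "aea3e03d13908f4970f61c37fe663177b405d5dca5a694d9f62aba0b4f7ce964",
    "sha512": (
        "3a4dd0f19a307f9bbab60194ed9ec8e129f6029b6e84ced919ea1608255946739"
        "eee11c7a23f10d18083e80610a0b880b9b95af9a4b4b4e56a4e44d78f781b3a"
    ),
}

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def digests(data: bytes) -> Dict[str, str]:
    """Hex digests of an in-memory buffer for all four algorithms."""
    return {name: hashlib.new(name, data).hexdigest() for name in ALGORITHMS}


def digests_of_file(path: str, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Same as digests(), but reads the file in chunks and feeds every
    hash object from a single pass over the bytes."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    with open(path, "rb") as fh:
        while True:
            chunk = fh.read(chunk_size)
            if not chunk:
                break
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def verify(got: Dict[str, str], expected: Dict[str, str]) -> Dict[str, bool]:
    """Compare computed digests against expected ones, case-insensitively.
    Algorithms present in `expected` but not computed are ignored."""
    return {
        name: got[name] == value.lower()
        for name, value in expected.items()
        if name in got
    }


def is_reported_sample(data: bytes) -> bool:
    """True only if every digest the report lists matches the buffer."""
    return all(verify(digests(data), REPORTED_HASHES).values())


if __name__ == "__main__":
    import sys
    result = verify(digests_of_file(sys.argv[1]), REPORTED_HASHES)
    for name, ok in result.items():
        print(f"{name}: {'match' if ok else 'MISMATCH'}")
```

A partial match (say MD5 agrees but SHA256 does not) should be treated as a mismatch; the function returns the per-algorithm result so that such a discrepancy is visible rather than hidden behind a single boolean.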

Malware Config

Targets

    • Target

      aea3e03d13908f4970f61c37fe663177b405d5dca5a694d9f62aba0b4f7ce964


    • Detect Neshta payload

    • Neshta

      Neshta is a file-infecting virus: it copies its own code into other executables on the machine so that launching any of them runs the malware, spreading it to every infected file and damaging the originals.

    • Neshta family

    • Checks computer location settings

      Reads the country or locale code configured in the registry. This is typically a geofence check: the malware decides whether to run based on the region the machine is configured for.

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies system executable filetype association

      Changes the registry handler for the .exe file type (HKEY_CLASSES_ROOT\exefile\shell\open\command) so that the malware is started every time any executable is launched. This gives Neshta persistence and a trigger to re-infect files.

    • Reads user/profile data of web browsers

      Reads files from web browser profile directories. Infostealers commonly harvest this data, which can include saved credentials and cookies.
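Two of the behaviours above leave evidence in the registry that an analyst can check on a suspect host: the hijacked .exe association and the country-code lookup. The following is an added example, not the sandbox's own signature logic. It parses a text export of the relevant keys (the kind `reg export` produces) and flags a non-default handler; the export embedded here is constructed for illustration and the handler path in it is a placeholder, not a value taken from this report.

```python
import re
from typing import Dict, Optional, Tuple

# Windows default handler for the exefile type: run the file itself.
DEFAULT_EXE_COMMAND = '"%1" %*'

# Constructed .reg export. The handler path is a placeholder chosen for
# the example; the International values are ordinary en-US defaults.
SAMPLE_REG_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="C:\\Windows\\loader.com \"%1\" %*"

[HKEY_CURRENT_USER\Control Panel\International]
"Locale"="00000409"
"sCountry"="United States"
'''

_KEY_RE = re.compile(r'^\[(.+)\]\s*$')
_VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')


def _unescape(s: str) -> str:
    # .reg string syntax escapes backslash and double quote with a backslash.
    return re.sub(r'\\(.)', r'\1', s)


def parse_reg_export(text: str) -> Dict[str, Dict[str, str]]:
    """Parse the subset of .reg syntax needed here: [key] headers and
    string values. Returns {key_path: {value_name: data}}; '@' is the
    key's default value."""
    keys: Dict[str, Dict[str, str]] = {}
    current: Optional[str] = None
    for line in text.splitlines():
        m = _KEY_RE.match(line)
        if m:
            current = m.group(1)
            keys[current] = {}
            continue
        m = _VALUE_RE.match(line)
        if m and current is not None:
            name, data = m.group(1), m.group(2).strip()
            if name != '@':
                name = _unescape(name[1:-1])
            if data.startswith('"') and data.endswith('"'):
                data = _unescape(data[1:-1])
            keys[current][name] = data
    return keys


def exefile_association_hijacked(keys: Dict[str, Dict[str, str]]) -> Tuple[bool, Optional[str]]:
    """True if the default handler for .exe is anything other than running
    the file itself. Returns the handler command as well so the analyst
    can see what was inserted. Absent key -> (False, None)."""
    cmd = keys.get(r'HKEY_CLASSES_ROOT\exefile\shell\open\command', {}).get('@')
    if cmd is None:
        return False, None
    return cmd.strip().lower() != DEFAULT_EXE_COMMAND.lower(), cmd


def location_settings(keys: Dict[str, Dict[str, str]]) -> Dict[str, str]:
    """The International values a geofence check would consult."""
    intl = keys.get(r'HKEY_CURRENT_USER\Control Panel\International', {})
    return {k: v for k, v in intl.items() if k in ('Locale', 'sCountry', 'LocaleName')}


if __name__ == "__main__":
    parsed = parse_reg_export(SAMPLE_REG_EXPORT)
    hijacked, command = exefile_association_hijacked(parsed)
    print("exefile handler:", command, "(HIJACKED)" if hijacked else "(default)")
    print("location settings:", location_settings(parsed))
```

On a live host the same two keys can be exported with `reg export "HKCR\exefile\shell\open\command" exe.reg` and `reg export "HKCU\Control Panel\International" intl.reg` and fed to `parse_reg_export`. Anything other than `"%1" %*` as the default value is worth a closer look: a legitimate system never needs a wrapper in front of every executable launch.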

MITRE ATT&CK Enterprise v15

Tasks