General

  • Target

    bf138d875d511ee480e026ff5b7875182fde703bc1df6f84c316f0a7775e45b0N.exe

  • Size

    186KB

  • Sample

    241217-f3ptbssjas

  • MD5

    e14a06b2ad96a52868902869a5f13e90

  • SHA1

    20c3915c279a8703f1cdab644a9185e65987df7f

  • SHA256

    bf138d875d511ee480e026ff5b7875182fde703bc1df6f84c316f0a7775e45b0

  • SHA512

    a5990276f674bb39942bfe87357d5b40edeb85502e6d388ffcb1c094f55dabdd1cfc402369bfea9bc4bfa72fee139c24f40d28c95fcd253e43d7afa53b546f30

  • SSDEEP

    3072:sr85CkkbAYn2GgYlBYN2fHYTo+JZr85Czr85C:k9xbAMpgY3gTD9P9

Targets

    • Detect Neshta payload

    • Neshta

      Malware from the Neshta family is designed to infect other files in order to spread itself and cause damage.

    • Neshta family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies system executable filetype association

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, etc.
