General

  • Target

    05940fd54c028898dc6473ea3f6ae9c9e97f342f54837c69d48f8182d40584d1N.exe

  • Size

    1.3MB

  • Sample

    241217-p75j1s1kam

  • MD5

    3847346201c366123ac03e816c593350

  • SHA1

    9a93a7c3347dc87076daf7c4d877102e14fbfc80

  • SHA256

    05940fd54c028898dc6473ea3f6ae9c9e97f342f54837c69d48f8182d40584d1

  • SHA512

    364a17ebb6f125b5637574513d5d0d5bef2789019af24b5c104f7536649845d8b5576bfe5da178401a043831e68c99290a7b2e5a36591befaa13e2c32bf6e9bf

  • SSDEEP

    24576:RvY8cAmBVx6JciGN9wWPgZdL4me+vtNkYEQynSvnzj:RKtiGoWPgZaDYEnOj

Targets

    • Target

      05940fd54c028898dc6473ea3f6ae9c9e97f342f54837c69d48f8182d40584d1N.exe

    • Detect Neshta payload

    • Neshta

      Malware from the Neshta family is designed to inject itself into other files in order to spread and cause damage.

    • Neshta family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies system executable filetype association

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, etc.
