General

  • Target

    abc1a94e9de4b4ffd0ff76838576f69edf94fbe33f26a365c31712258e081af9.exe

  • Size

    2.6MB

  • Sample

    241217-xzeydsvnet

  • MD5

    3bfe66d37403aeb363e09fc84a7b9dd2

  • SHA1

    e72708011713e36be5cde157a52e6122bd08673e

  • SHA256

    abc1a94e9de4b4ffd0ff76838576f69edf94fbe33f26a365c31712258e081af9

  • SHA512

    4c5cc2f9411c93dbc9a928f6a5300aa0b7c5d3cebb85840b5a2efaaa765546c26b2cc8e4b835c73a6dcfb536c7328d6b8c9d4e8069a7a4a56379bf3829ce99db

  • SSDEEP

    49152:AXlSnTo4QflIXMVJuk5he9J/HVW6OM3nAYUymARGu0gnkTYqzhrxzfEnvUM:AXlSTo4Qf6MVJFim6OM3nkymARGuBZUi

Malware Config

Targets

    • Detect Neshta payload

    • Neshta

      Malware from the Neshta family infects other executable files in order to spread and cause damage.

    • Neshta family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Modifies system executable filetype association

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

MITRE ATT&CK Enterprise v15

Tasks