General

  • Target

    85f72e6571a4c1738a71b8a696471223caedeb37343423cd4b952cfa4efb6614.exe

  • Size

    1.5MB

  • Sample

    241217-ywmphaxpal

  • MD5

    c073ee92acf98578ed636d4e9d501d37

  • SHA1

    b7d2e0d4a3c30131fdb61695ec4186119fa4610f

  • SHA256

    85f72e6571a4c1738a71b8a696471223caedeb37343423cd4b952cfa4efb6614

  • SHA512

    3406eb43e975a980ab79a7512e89a0470d4bae5da4017c1ce2d1d1c5aefca90711086a4e8bf615a93bfc9323be37cc04d778f78d9b9a3cdc0323a6e1c4825515

  • SSDEEP

    49152:MbwdlPMoiO/xKkI0S+4TP2zpEomBIyeH8v:Mb1OpKkI0qTP2z+YHU

Malware Config

Targets

    • Detect Neshta payload

    • Neshta

      Malware from the Neshta family injects itself into other executable files in order to spread and cause damage.

    • Neshta family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely to geofence execution.

    • Loads dropped DLL

    • Modifies system executable filetype association

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

MITRE ATT&CK Enterprise v15

Tasks