General

  • Target

    b482c0e2d0d70f4b83c2d7597fcbdd9f48554d9f67197260d9ea868fc1ba9f3cN.exe

  • Size

    4.8MB

  • Sample

    241217-zcv27sykbl

  • MD5

    64e7f75656a65ece7ffb6eb81355db30

  • SHA1

    8c27682411532ef3bc12474c7cd3a69b8706634c

  • SHA256

    b482c0e2d0d70f4b83c2d7597fcbdd9f48554d9f67197260d9ea868fc1ba9f3c

  • SHA512

    9f88d12776c522379563bc78882792e629094035cd81faf0df20cb7fb93357a4b1cbfde63a26ca05e92d211a094ecfa391d097677253e06627a3535bdd827ab8

  • SSDEEP

    98304:MIBdcegPTApJRVaNz6mCuzOEZE/bEloTj5559AQyk2B5lx8LV:MUc57eRcLCc+b9Td5AQyk2B5T8LV

Malware Config

Targets

    • Target

      b482c0e2d0d70f4b83c2d7597fcbdd9f48554d9f67197260d9ea868fc1ba9f3cN.exe

    • Size

      4.8MB

    • MD5

      64e7f75656a65ece7ffb6eb81355db30

    • SHA1

      8c27682411532ef3bc12474c7cd3a69b8706634c

    • SHA256

      b482c0e2d0d70f4b83c2d7597fcbdd9f48554d9f67197260d9ea868fc1ba9f3c

    • SHA512

      9f88d12776c522379563bc78882792e629094035cd81faf0df20cb7fb93357a4b1cbfde63a26ca05e92d211a094ecfa391d097677253e06627a3535bdd827ab8

    • SSDEEP

      98304:MIBdcegPTApJRVaNz6mCuzOEZE/bEloTj5559AQyk2B5lx8LV:MUc57eRcLCc+b9Td5AQyk2B5T8LV

    • Detect Neshta payload

    • Neshta

      Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.

    • Neshta family

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies system executable filetype association

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks