General

  • Target

    d2113de064a6bcb13982214afdac3f789e9944a710fc95b9411fdb02408f86db.exe

  • Size

    455KB

  • Sample

    241217-zrp5hayner

  • MD5

    0967acc9b58047948484a6832092090e

  • SHA1

    3c6ba84913fcd17b1fa27469c8776be06a960438

  • SHA256

    d2113de064a6bcb13982214afdac3f789e9944a710fc95b9411fdb02408f86db

  • SHA512

    daf6e549b9b27d4370723b3b7b102739124dd5da477de9c0c57df6429ce3c6fd9e87876a9c53052f2d0b69f942339dda7bc64b099d6ed742eca6d540bc712a54

  • SSDEEP

    6144:k9h1l4Kax0yz4A54ihzJ+lGHbeZfJXnIZO5sVQSU:2HPax0yh54iNJEGHsiM5sa/

Malware Config

Targets

    • Target

      d2113de064a6bcb13982214afdac3f789e9944a710fc95b9411fdb02408f86db.exe

    • Detect Neshta payload

    • Neshta

      Malware from the Neshta family is designed to infect other files in order to spread and cause damage.

    • Neshta family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Modifies system executable filetype association

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar data.
