General

  • Target

    78ef0a6354abf4f00edc56df3c44ccc5da5685c473d8f9d546505ec65a45d8cb

  • Size

    539KB

  • Sample

    241218-ad49tstmex

  • MD5

    c8c84fe604cd5b2049d900c5efb602c8

  • SHA1

    83129c70f682d667c7d0101e01e658d7c71464d4

  • SHA256

    78ef0a6354abf4f00edc56df3c44ccc5da5685c473d8f9d546505ec65a45d8cb

  • SHA512

    b95e767815411dc4e6605b1c6e9fee65bcd07b88c63058106d52f91f2c64f79c07101ddd4c5ff94eef676b47e07722a499f39cdde0b593ad71e9b8f9165b5035

  • SSDEEP

    6144:k9j+6HdPhzlioNdbMLu86NGntF1ua3VcsIWlA1g7QWB4/a2FNu:o+YdPhz4EdbPNgt4GlIg7QWMhvu

Malware Config

Targets

    • Target

      78ef0a6354abf4f00edc56df3c44ccc5da5685c473d8f9d546505ec65a45d8cb

    • Detect Neshta payload

    • Neshta

      Malware from the Neshta family infects other executable files in order to spread and cause damage.

    • Neshta family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies system executable filetype association

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

MITRE ATT&CK Enterprise v15

Tasks