General

  • Target

    170debcdb15049bacfe39433d7f76e67e71020404e37197b9fe2fcd29101c706N.exe

  • Size

    1.4MB

  • Sample

    241218-d8mvtasrbk

  • MD5

    743ad0b26a85a1c2747e0bc71c254360

  • SHA1

    43f4ebada8fde7af4a79591451b45aa3f6c4e5e6

  • SHA256

    170debcdb15049bacfe39433d7f76e67e71020404e37197b9fe2fcd29101c706

  • SHA512

    93167c85fe078386f84a3c9a01d4f8f81a2ef998e7257b618d63ce4e0425423a093699ce7757232eab14a295216932e5ca7b622fc5ec920d67531aa724219ff7

  • SSDEEP

    24576:Mh3QCxH+ORg5Ep0c6fe0tTEtfufO1pLofVukuJ4QqRk4u2+jKvwcbaiRaY2dLEIq:Mhhg5EuJfHt3fO1pcNukuMk4unmbHUYt

Malware Config

Targets

    • Target

      170debcdb15049bacfe39433d7f76e67e71020404e37197b9fe2fcd29101c706N.exe

    • Size

      1.4MB

    • MD5

      743ad0b26a85a1c2747e0bc71c254360

    • SHA1

      43f4ebada8fde7af4a79591451b45aa3f6c4e5e6

    • SHA256

      170debcdb15049bacfe39433d7f76e67e71020404e37197b9fe2fcd29101c706

    • SHA512

      93167c85fe078386f84a3c9a01d4f8f81a2ef998e7257b618d63ce4e0425423a093699ce7757232eab14a295216932e5ca7b622fc5ec920d67531aa724219ff7

    • SSDEEP

      24576:Mh3QCxH+ORg5Ep0c6fe0tTEtfufO1pLofVukuJ4QqRk4u2+jKvwcbaiRaY2dLEIq:Mhhg5EuJfHt3fO1pcNukuMk4unmbHUYt

    • Detect Neshta payload

    • Neshta

      Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.

    • Neshta family

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies system executable filetype association

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks