General
- Target: c2d5ca88f3cef3d7269927f81c706251b9f0d56c50969a800e0a7eadeede30be
- Size: 627KB
- Sample: 241219-dvlqlavpdz
- MD5: 1d56889095c80445fe070a698139e9de
- SHA1: 1142a8be42dd3761ea08ba6575027521b089ef37
- SHA256: c2d5ca88f3cef3d7269927f81c706251b9f0d56c50969a800e0a7eadeede30be
- SHA512: 3bea47099870f321f98cf9e87f486edf4f113df1ae171b57bb492a9bb135c3b9046ba9f1f40936c765969c4be8f3b4ba80f478018cf815145aa9da907ac25c02
- SSDEEP: 12288:Ym31gW73grFaJw1gQFK3CARY4x86PkcGL7rp:Ym3KWWAS1gQnqLxOL7
Static task: static1
Behavioral task: behavioral1
- Sample: c2d5ca88f3cef3d7269927f81c706251b9f0d56c50969a800e0a7eadeede30be.exe
- Resource: win7-20240903-en
Malware Config
Targets
- Target: c2d5ca88f3cef3d7269927f81c706251b9f0d56c50969a800e0a7eadeede30be
- Detect Neshta payload
- Neshta: malware from the Neshta family is a file infector; it inserts its own code into other executable files in order to spread and cause damage.
- Neshta family
- Looks for VirtualBox Guest Additions in registry
- Looks for VMWare Tools registry key
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Modifies system executable filetype association
- Maps connected drives based on registry: disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Credential Access
- Credentials from Password Stores: 1
- Credentials from Web Browsers: 1
- Unsecured Credentials: 1
- Credentials In Files: 1