General
- Target: 88e8e3f3c55f54c6f1550965708c49ccbc3e69b7aeeff3fc1b0c27b63b14a539N.exe
- Size: 3.2MB
- Sample: 241219-gtz4dasner
- MD5: c6afbbcd26162a388e63cc3d5c010c10
- SHA1: 5614bc2fcb1ac46da7a33b4dbf3d6351a92c6930
- SHA256: 88e8e3f3c55f54c6f1550965708c49ccbc3e69b7aeeff3fc1b0c27b63b14a539
- SHA512: 5dfedc24b7e640811e09fa27f220054648a9fa6829e7d96e1fd58771aff6491100de2337f3703c6c2b8dca4b4eccbe49b9e81a8f27643518d12a1c5717cf578e
- SSDEEP: 49152:aShHaVYNjEv3hIUPl1v01s3boMWfOEp9/l0j5NYcVtcht/P5p8gQ:aSkYkRIk7gMDEpb00Ctyn5p8gQ
Behavioral task: behavioral1
- Sample: 88e8e3f3c55f54c6f1550965708c49ccbc3e69b7aeeff3fc1b0c27b63b14a539N.exe
- Resource: win7-20240903-en
Malware Config
Targets
- Target: 88e8e3f3c55f54c6f1550965708c49ccbc3e69b7aeeff3fc1b0c27b63b14a539N.exe
- Detect Neshta payload
- Neshta: malware from the Neshta family infects other executable files with copies of itself in order to spread, damaging the files it infects.
- Neshta family
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Modifies system executable filetype association
- Suspicious use of NtSetInformationThreadHideFromDebugger
MITRE ATT&CK Enterprise v15
- Credential Access
  - Credentials from Password Stores (1)
    - Credentials from Web Browsers (1)
  - Unsecured Credentials (1)
    - Credentials In Files (1)