General
-
Target
ZagreuS Decryptor.exe
-
Size
400KB
-
Sample
241224-s9qena1nen
-
MD5
d663f543088412766bf715949784ad88
-
SHA1
a35f4737cc94ddc534280b948015a1a93ab2fa92
-
SHA256
35bdc413a651b9fbfac9ad86a112c55a07f0fcfc3f698eb03f26154ad9b5ee1e
-
SHA512
6e9a17a0716645bff38be6284efb6e857f2e8c2df01e3f92d783d8c71f522da1c9af87821ca3c78810f2c2927d3a22361ccfa1d2ae8a6fb48f83dfb67cf2eda3
-
SSDEEP
6144:k9/hTCcfUZrSecumlgSW6gXwQfLdBJjQ2wrVYijlFPmM8xx5YlX3M:whWcfr/W6gXwsLdBJj2rVYijlFPex+BM
Behavioral task
behavioral1
Sample
ZagreuS Decryptor.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
ZagreuS Decryptor.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
ZagreuS Decryptor.exe
-
Score
10/10
-
Detect Neshta payload
-
Neshta
Malware from the Neshta family is designed to infect other files in order to spread itself and cause damage.
-
Neshta family
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies system executable filetype association
-