General

  • Target

    4a532fa9ff3090_encdeault__20544073213.zip

  • Size

    2.1MB

  • Sample

    241227-fzkp7ssler

  • MD5

    56941014181269fa3c82f85f54126cb6

  • SHA1

    e5cafe582c3cdfeb3d7a09d44972b0ee42b67e57

  • SHA256

    8ab1902c6106ed17855179053bab0b34fbbbbda8fd0a21d0f42f919db12d09f0

  • SHA512

    cd4a2c8e67254ee5ad214d2d61fb06ff3f572bb3baa7fd7f073fbc0e62030a903bf2fd747226f884ead4e7d2405dc708625d2f3208bac85ec3ff32b125aba241

  • SSDEEP

    49152:k8kgURIPMDbuGNHKIt/TfD3nmgweA/LXLYkZws:12IPMLHj53mb5ckZx

Malware Config

Targets

    • Target

      a948d5a671ce86b84f514772a178e4526939b86331b207de201304686307e66e

    • Size

      2.2MB

    • MD5

      22ad737f258a118843efa7f83ff8466e

    • SHA1

      4a532fa9ff30909e0bca7b574eabe7623fad84ae

    • SHA256

      a948d5a671ce86b84f514772a178e4526939b86331b207de201304686307e66e

    • SHA512

      d11d20814dcce8d7edf05c6d8d8bc6ca64dc5da1da23e1c4cb2165734ff358d45b0fcaa93dcf6296b721b47491143aaa2d6270c6a7de783fd79686171dae8788

    • SSDEEP

      49152:Qifu1DBgutBPNcpwcjVpNMkCZZpsYpmwZ3hQ8cTEoDgwRO:QvguPP4wc3NMkCGGmugTEKgwRO

    • Detect Neshta payload

    • Detects Mimic ransomware

    • Mimic

      Ransomware family was first exploited in the wild in 2022.

    • Mimic family

    • Neshta

      Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.

    • Neshta family

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies system executable filetype association

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

MITRE ATT&CK Enterprise v15

Tasks