General
Target
ap-file-vaultFile17860871362159645161.vol-1820315645.zip
Size
75KB
Sample
250112-2p8vyawjaq
MD5
dc14dd5a95a86367ee8d29fa4f51a501
SHA1
801c9d0db08606a104e333bf566c8427726f3d94
SHA256
71fc77e67f678ecce8cdf54431ef7236a43c636f4178def33416d3a001677ea8
SHA512
5617b8eaa1eef879e45ee6dcfdc70944cea28ff7e127bbf39d6755e84757d5a04f973113e5a107a6498a7a31bfd0f251aa8e0b41ba6313da0fdebd04a5a856aa
SSDEEP
1536:M4DhxrNvPMqDs6u0IaX3i2t4LsGeEBFKuJPkLpvvc0Bi7+If2TefLV:M4DhxrrDsOIYL7HaSpv5Bi7Tf2Kh
Behavioral task
behavioral1
Sample
vaultFile17860871362159645161.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
vaultFile17860871362159645161.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
Target
vaultFile17860871362159645161.vol
Size
209KB
MD5
c3b092c82bb07c971f1c4b003cfe5796
SHA1
84fa3b5572979cc4ee19467750363754c821d633
SHA256
87c860b8217cbb98f12cbe9e45085a7939b9cd5695592fc0f08c4d5897d3a3d5
SHA512
977e0f9f1b64e6a1285abe0d783bd6d6f5819be337018ed3494278a6b2cbdc9fe9380018fa24f6312f497b0a89dc00267c47f1ba15b6541cc1fbc9b91e23a6da
SSDEEP
3072:sr85CziKuio6UKhjklcG6Otjaq8VLUzmhb:k9ziKuio6UKhAlcG6OtjarFUzw
Score 10/10
Detect Neshta payload
Neshta
Malware from the Neshta family is designed to infect other files in order to spread itself and cause damage.
Neshta family
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
Executes dropped EXE
Loads dropped DLL
Modifies system executable filetype association