General
-
Target
ap-file-vaultFile11006347749467126253.vol-1149344511.zip
-
Size
1.7MB
-
Sample
250112-2xmmnstkhz
-
MD5
21948a531ae7da7a313275f6081c8fdc
-
SHA1
cbdfeaad8aaaa13aed8f144e5ab28cf762402c91
-
SHA256
a2e6bb1ddffedcbe082196ade2fd2742ee8b68658ba7bdf846c3be709f15fb4e
-
SHA512
c947e1b602547a7229287b4b1a2be5b369feb0ff5256dabe245111ce282f0450a65e2c8121faa43c5c0dbafdd0f11ef14e13975f0cc409eb959e4029a1c91a30
-
SSDEEP
49152:vihKWY6uVzM6deQFnEYYY+6uzDzCfyYLAS:vi9mM6UQFnapniLP
Behavioral task
behavioral1
Sample
vaultFile11006347749467126253.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
vaultFile11006347749467126253.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
vaultFile11006347749467126253.vol
-
Size
4.1MB
-
MD5
a9dd2982d7f123950a6865bd7b59906a
-
SHA1
1f258810190dca1cfcc34dc3adfb083255f23330
-
SHA256
92b303f29d883e414190f1263ea4ad7a6e556dfab7d3e0fd91bbae133c125a52
-
SHA512
f15472a17653c585f6b4bf4be097119be01b2c77ecefe8271fd8024ba3ab51962fef40f13f395b4db534420846e9e80f35e3c13116f580cf3908daa0fc70ba4e
-
SSDEEP
49152:XEBgnnvHwB+yswrZr8mm6LhL02F989+SwEIe9by/uMnoVedHqCchacRcHkAQ6TU:LnvC+GkAJqDJRMI
Score
10/10
-
Detect Neshta payload
-
Neshta
Malware from the Neshta family is designed to infect other files in order to spread itself and cause damage.
-
Neshta family
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies system executable filetype association
-