General

  • Target

    1bd926c75e799d112871c977da1a87e5590d71deda49960036c61652133073caN.exe

  • Size

    482KB

  • Sample

    250123-3f413aylc1

  • MD5

    eb0b24dc17d606db50357792ba08a3f0

  • SHA1

    d4db8ccf2366462de37047e871fede7ac3973c69

  • SHA256

    1bd926c75e799d112871c977da1a87e5590d71deda49960036c61652133073ca

  • SHA512

    035373f13628dda81d517b913c25ee13f6a02d5276c18c8d28ca337decfbce2dfcf522961758f05d1790d3f6c1bd46ae0768e79a4abd976e0ff0f5ffe873a903

  • SSDEEP

    3072:sr85CCQ2z1yr5JShnr85Cxr85Cxr85Cxr85Cxr85Cxr85Cxr85Cxr85Cxr85Cxr9:k9CQvAr9N9N9N9N9N9N9N9N9N9

Malware Config

Targets

    • Target

      1bd926c75e799d112871c977da1a87e5590d71deda49960036c61652133073caN.exe

    • Size

      482KB

    • MD5

      eb0b24dc17d606db50357792ba08a3f0

    • SHA1

      d4db8ccf2366462de37047e871fede7ac3973c69

    • SHA256

      1bd926c75e799d112871c977da1a87e5590d71deda49960036c61652133073ca

    • SHA512

      035373f13628dda81d517b913c25ee13f6a02d5276c18c8d28ca337decfbce2dfcf522961758f05d1790d3f6c1bd46ae0768e79a4abd976e0ff0f5ffe873a903

    • SSDEEP

      3072:sr85CCQ2z1yr5JShnr85Cxr85Cxr85Cxr85Cxr85Cxr85Cxr85Cxr85Cxr85Cxr9:k9CQvAr9N9N9N9N9N9N9N9N9N9

    • Detect Neshta payload

    • Neshta

      Neshta is a file-infecting virus: it writes its own code into other executables so that launching any infected program spreads the infection further and corrupts the host files.

    • Neshta family

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely to geofence execution by region.

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies system executable filetype association

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other profile contents.
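A host-side check for two of the indicators above, as an added example that is not part of the sandbox report: it sweeps a directory for files whose hashes match the sample's MD5/SHA1/SHA256 listed in this report and verifies that the system executable file-type association still holds the Windows default. The root path used in the usage line and the assumption that a clean host's `exefile` open command is `"%1" %*` are mine, not the report's.

```powershell
# Added example: IOC sweep plus exefile-association check for the Neshta sample above.
# The hash values are copied from the report; the default association string is an
# assumption about a clean Windows host, not something the report states.

$SampleHashes = @{
    MD5    = 'eb0b24dc17d606db50357792ba08a3f0'
    SHA1   = 'd4db8ccf2366462de37047e871fede7ac3973c69'
    SHA256 = '1bd926c75e799d112871c977da1a87e5590d71deda49960036c61652133073ca'
}

function Test-ExeFileAssociation {
    # On an unmodified host the (Default) value of this key is "%1" %* ; a file infector
    # that "modifies system executable filetype association" replaces it so that every
    # .exe launch is routed through the malware first.
    $Key      = 'HKLM:\SOFTWARE\Classes\exefile\shell\open\command'
    $Expected = '"%1" %*'
    $Command  = (Get-Item -Path $Key).GetValue('')
    [pscustomobject]@{
        Key      = $Key
        Command  = $Command
        Expected = $Expected
        Tampered = ($Command -ne $Expected)
    }
}

function Find-SampleByHash {
    param(
        [Parameter(Mandatory)] [string]    $Root,
        [hashtable] $Hashes = $SampleHashes
    )
    # Get-FileHash returns upper-case hex, so compare case-insensitively (-ieq).
    # SHA256 is checked for every file; MD5 and SHA1 are only computed to confirm a hit.
    Get-ChildItem -Path $Root -Recurse -File -ErrorAction SilentlyContinue |
        ForEach-Object {
            $sha256 = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
            if ($sha256 -ieq $Hashes.SHA256) {
                [pscustomobject]@{
                    Path   = $_.FullName
                    Size   = $_.Length
                    SHA256 = $sha256.ToLower()
                    MD5    = (Get-FileHash -Path $_.FullName -Algorithm MD5).Hash.ToLower()
                    SHA1   = (Get-FileHash -Path $_.FullName -Algorithm SHA1).Hash.ToLower()
                }
            }
        }
}

# Usage (the root path is an assumed example):
Test-ExeFileAssociation | Format-List
Find-SampleByHash -Root 'C:\Users' | Format-Table -AutoSize
```

The hash sweep only finds the original dropper: executables that Neshta has already infected carry the virus body plus their own code, so their hashes will not match, which is why the association check is the more telling of the two on a host that has been running the sample. The SSDEEP value in the report is the one to use for fuzzy matching of repacked variants; exact hashes will not catch those.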

MITRE ATT&CK Enterprise v15

Tasks
