General

  • Target

    bdc093c30a60d840cc2f0e8b2421b39807a5ef6ec1f977b1992d2dd42c236f1cN.exe

  • Size

    1.1MB

  • Sample

    250124-xs561avmdq

  • MD5

    93a683529a53953f96b8e7a0e4d97320

  • SHA1

    c73dc8869dc527c9686338545fa9f6f0b824042f

  • SHA256

    bdc093c30a60d840cc2f0e8b2421b39807a5ef6ec1f977b1992d2dd42c236f1c

  • SHA512

    1fec61913b79274bd789d15f6db48e90a604adb200b61d639b5f0ddc8ab53d639123fd19a018ca26e09cabc279b4d9c272307c9aaaf0b490866f857e60dc2d94

  • SSDEEP

    12288:LXFCJgBi+ogIXLvJCdlUyLypz8wCGbVn2Ifs8Jw7lES/x+hzGoswtRMO:LXFCJgBi+ogIXE3UyLyZnV2IklxptlU

Malware Config

Targets

    • Detect Neshta payload

    • Neshta

      Malware from the Neshta family infects other executable files in order to spread and cause damage.

    • Neshta family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies system executable filetype association

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

MITRE ATT&CK Enterprise v15
