General
-
Target
2025-03-29_60e70ecb98ad10f9ff8386430782992d_black-basta_luca-stealer_neshta_ngrbot
-
Size
7.9MB
-
Sample
250329-qjejcsvrs2
-
MD5
60e70ecb98ad10f9ff8386430782992d
-
SHA1
08428fe99da0c33c8fa096a30504735be4456216
-
SHA256
fcb38e94773811900eb54fffb7a4c91e6d0149bcf29186d10b716685048c33da
-
SHA512
f04006b213f0f99a037727320191e6627807accba63d7566577397b2add505676f3b910fa37751543322ad7134c36af4be6b0a003971f3effa16cf374cb9ec44
-
SSDEEP
98304:69x2F450R4M+128SoJhiZ460XCEuE0R4M+128Scv7z8ikY:SUFeUp+1qoZ6DEvUp+1qcvf8id
Behavioral task
behavioral1
Sample
2025-03-29_60e70ecb98ad10f9ff8386430782992d_black-basta_luca-stealer_neshta_ngrbot.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
2025-03-29_60e70ecb98ad10f9ff8386430782992d_black-basta_luca-stealer_neshta_ngrbot.exe
Resource
win10v2004-20250313-en
Malware Config
Targets
Target
2025-03-29_60e70ecb98ad10f9ff8386430782992d_black-basta_luca-stealer_neshta_ngrbot
-
Score
10/10
-
Detect Neshta payload
-
Neshta
Malware from the Neshta family is a file infector: it injects itself into other files in order to spread and cause damage.
-
Neshta family
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Loads dropped DLL
-
Modifies system executable filetype association
-