General
-
Target
43a4ccbc49a375bf9ee5bd085412f9e81bd4e9aba05db7e357dd95e04613a70b.exe
-
Size
973KB
-
Sample
250330-awg71swvcx
-
MD5
5e6fd71b7a515479b2e5e77bc7ea22f8
-
SHA1
394c41cee4b594ea8ba8d0fd6b686721a52e61ad
-
SHA256
43a4ccbc49a375bf9ee5bd085412f9e81bd4e9aba05db7e357dd95e04613a70b
-
SHA512
ba6d95ce84501b252b517f363be0d13f2d09e6816bb54160786c281a980bad69cb31d5e1da35d270e970121ca32dc11bcf69c310e222ac95f46ff85926025be2
-
SSDEEP
24576:Aukx3gKIoADALW7SyoyfWeU/OPFVNm1bOnVVnrQSBjfEpb4vkU:agKBAcmoyeUdkOnVFNERj
Static task
static1
Behavioral task
behavioral1
Sample
43a4ccbc49a375bf9ee5bd085412f9e81bd4e9aba05db7e357dd95e04613a70b.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
43a4ccbc49a375bf9ee5bd085412f9e81bd4e9aba05db7e357dd95e04613a70b.exe
Resource
win10v2004-20250314-en
Malware Config
Targets
-
Target
43a4ccbc49a375bf9ee5bd085412f9e81bd4e9aba05db7e357dd95e04613a70b.exe
-
Score
10/10
-
Detect Neshta payload
-
Neshta
Malware from the Neshta family is designed to infect other files in order to spread itself and cause damage.
-
Neshta family
-
CoreCCC Packer
Detects CoreCCC packer used to load .NET malware.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Loads dropped DLL
-
Modifies system executable filetype association
-
Suspicious use of SetThreadContext
-