General
-
Target
2025-04-19_49ec5219c84f445dbace71ff737a96a6_black-basta_elex_neshta_ngrbot_skypams
-
Size
5.3MB
-
Sample
250419-fjdlysxqt9
-
MD5
49ec5219c84f445dbace71ff737a96a6
-
SHA1
1152ca6103bcf5c9c1aae44600e6417dcd3b7e75
-
SHA256
4fa578e238c515dab44911153286bbf7ca84d1152c53cca1cb662ea1f1ec86cf
-
SHA512
3cb6e7d280f1c1bede1b0f062a4cfab20fb88300c5184beddf61acda3cd97b89eb783c74999cbe21850427c04431dc6ea8b5751723bc4dcf91b2e825d6184102
-
SSDEEP
98304:6anVKTpTxzqMqGkBAgjJ3U/c+PLHV0ZNyxo:/wtx2MRkBTjJ+5DHWZNyW
Behavioral task
behavioral1
Sample
2025-04-19_49ec5219c84f445dbace71ff737a96a6_black-basta_elex_neshta_ngrbot_skypams.exe
Resource
win10v2004-20250314-en
Malware Config
Targets
-
Ardamax family
-
Ardamax main executable
-
Detect Neshta payload
-
Neshta
Malware from the Neshta family is designed to infect other files in order to spread and cause damage.
-
Neshta family
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
Modifies system executable filetype association
-