SecuriteInfo.com.W32.MSIL_Kryptik.ERY.genEldorado.22139.11301

General
Target

SecuriteInfo.com.W32.MSIL_Kryptik.ERY.genEldorado.22139.11301

Size

700KB

Sample

210706-s12y9abwej

Score
10 /10
MD5

4c33a8d7ea67f81000eee8b1c9475f9c

SHA1

a96a1a2cd37af1a04fafc9104b59661924c2c2a0

SHA256

3fa53f6f68e280013eb9651a53a3c40a16fa99f7689d0761b3f95b2de68b22cf

SHA512

d93206e78dbfc4e1ca1633172c7aeb93ba6270822e7f8880220599731d9db4299ea85e1d14d59929ebe6e9b812d09f8db180df4fa4f2bbc93fc4d8a0aad87cf0

Malware Config
Targets
Target

SecuriteInfo.com.W32.MSIL_Kryptik.ERY.genEldorado.22139.11301

MD5

4c33a8d7ea67f81000eee8b1c9475f9c

Filesize

700KB

Score
10 /10
SHA1

a96a1a2cd37af1a04fafc9104b59661924c2c2a0

SHA256

3fa53f6f68e280013eb9651a53a3c40a16fa99f7689d0761b3f95b2de68b22cf

SHA512

d93206e78dbfc4e1ca1633172c7aeb93ba6270822e7f8880220599731d9db4299ea85e1d14d59929ebe6e9b812d09f8db180df4fa4f2bbc93fc4d8a0aad87cf0

Tags

Signatures

  • Detect Neshta Payload

  • Modifies system executable filetype association

    Tags

    TTPs

    Modify Registry Change Default File Association
  • Neshta

    Description

    Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.

    Tags

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Description

    Infostealers often target stored browser data, which can include saved credentials etc.

    Tags

    TTPs

    Data from Local System Credentials in Files
  • Suspicious use of SetThreadContext

Related Tasks

MITRE ATT&CK Matrix
Command and Control
    Credential Access
    Defense Evasion
    Execution
      Exfiltration
        Impact
          Initial Access
            Lateral Movement
              Privilege Escalation
                Tasks

                static1