General

  • Target

    SecuriteInfo.com.W32.MSIL_Kryptik.ERY.genEldorado.22139.11301

  • Size

    700KB

  • Sample

    210706-s12y9abwej

  • MD5

    4c33a8d7ea67f81000eee8b1c9475f9c

  • SHA1

    a96a1a2cd37af1a04fafc9104b59661924c2c2a0

  • SHA256

    3fa53f6f68e280013eb9651a53a3c40a16fa99f7689d0761b3f95b2de68b22cf

  • SHA512

    d93206e78dbfc4e1ca1633172c7aeb93ba6270822e7f8880220599731d9db4299ea85e1d14d59929ebe6e9b812d09f8db180df4fa4f2bbc93fc4d8a0aad87cf0

Malware Config

Targets

    • Target

      SecuriteInfo.com.W32.MSIL_Kryptik.ERY.genEldorado.22139.11301

    • Size

      700KB

    • MD5

      4c33a8d7ea67f81000eee8b1c9475f9c

    • SHA1

      a96a1a2cd37af1a04fafc9104b59661924c2c2a0

    • SHA256

      3fa53f6f68e280013eb9651a53a3c40a16fa99f7689d0761b3f95b2de68b22cf

    • SHA512

      d93206e78dbfc4e1ca1633172c7aeb93ba6270822e7f8880220599731d9db4299ea85e1d14d59929ebe6e9b812d09f8db180df4fa4f2bbc93fc4d8a0aad87cf0

    • Detect Neshta Payload

    • Modifies system executable filetype association

    • Neshta

      Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Command and Control

    Credential Access

    Defense Evasion

    Execution

      Exfiltration

        Impact

          Initial Access

            Lateral Movement

              Privilege Escalation