Malware sandboxing report by Hatching Triage

Sharing

Copy URL

Twitter E-mail

General

Target

85bccf48bd69110456515b5b1fc35fc21c6d983e67c162ab14fb7d8f66616e71
Size

939KB
Sample

211216-y7vt9acha8
MD5

cd1f4fa4338ae35dc3e24b7d4fdd2c36
SHA1

35585771c3637ad3df287166a5873f1587003194
SHA256

85bccf48bd69110456515b5b1fc35fc21c6d983e67c162ab14fb7d8f66616e71
SHA512

629cbd4806d4aa68c7f4223180d5c2a06378c9a5f1b7c3587f6e3f375ce5fdbc7eff20b0e9f24458d6c0eaa41c79ef786bd54b0e7c7eebf3a1c103b4eff4c669

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.5

Campaign

ea0r

Decoy

lionheartcreativestudios.com

konzertmanagement.com

blackpanther.online

broychim-int.com

takut18.com

txstarsolar.com

herdsherpa.com

igorshestakov.com

shinesbox.com

reflectpkljlt.xyz

oiltoolshub.com

viralmoneychallenge.com

changingalphastrategies.com

mecitiris.com

rdadmin.online

miniambiente.com

kominarcine.com

pino-almond.com

heihit.xyz

junqi888.com

Targets

- Target
  
  85bccf48bd69110456515b5b1fc35fc21c6d983e67c162ab14fb7d8f66616e71
- Size
  
  939KB
- MD5
  
  cd1f4fa4338ae35dc3e24b7d4fdd2c36
- SHA1
  
  35585771c3637ad3df287166a5873f1587003194
- SHA256
  
  85bccf48bd69110456515b5b1fc35fc21c6d983e67c162ab14fb7d8f66616e71
- SHA512
  
  629cbd4806d4aa68c7f4223180d5c2a06378c9a5f1b7c3587f6e3f375ce5fdbc7eff20b0e9f24458d6c0eaa41c79ef786bd54b0e7c7eebf3a1c103b4eff4c669
Score

10^/10

neshta xloader ea0r loader persistence rat spyware stealer
- Modifies system executable filetype association
  persistence
- Neshta
  Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
  persistence spyware neshta
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix

Collection

Data from Local System

T1005

Command and Control

Credential Access

Credentials in Files

T1081

Defense Evasion

Modify Registry

T1112

Discovery

System Information Discovery

T1082

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Change Default File Association

T1042

Privilege Escalation

Tasks

static1

neshta

Score

10^/10

behavioral1

neshtaxloaderea0rloaderpersistenceratspywarestealer

Score

10^/10

Sharing

General

Malware Config

Extracted

Targets

Modifies system executable filetype association

Neshta

Xloader

Xloader Payload

Executes dropped EXE

Loads dropped DLL

Reads user/profile data of web browsers

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1