General
- Target: 886b0ccaf90c375e204631606396feee470aaf07e4c2f30608f45c4d72f1fb28
- Size: 663KB
- Sample: 211221-nnsknseaen
- MD5: 7df62e61b9b349f8f540410d6ae435fe
- SHA1: e92166335343fce4ee637a6e207b2521f60edb11
- SHA256: 886b0ccaf90c375e204631606396feee470aaf07e4c2f30608f45c4d72f1fb28
- SHA512: 433835309d04ffecd460eb588b01dbb9bfa40533b256c5daf6d1c1c8a5b14060d2c67894aeb66b74bb868709d68394c9404bf8c10656a9568d83bde4d12d60e8
Static task: static1
Behavioral task: behavioral1
- Sample: 886b0ccaf90c375e204631606396feee470aaf07e4c2f30608f45c4d72f1fb28.exe
- Resource: win10-en-20211208
Malware Config
Extracted
- amadey
- 2.86
- 2.56.56.210/notAnoob/index.php
Extracted
- redline
- runpe
- 142.202.242.172:7667
Targets
- Target: 886b0ccaf90c375e204631606396feee470aaf07e4c2f30608f45c4d72f1fb28
- Size: 663KB
- MD5: 7df62e61b9b349f8f540410d6ae435fe
- SHA1: e92166335343fce4ee637a6e207b2521f60edb11
- SHA256: 886b0ccaf90c375e204631606396feee470aaf07e4c2f30608f45c4d72f1fb28
- SHA512: 433835309d04ffecd460eb588b01dbb9bfa40533b256c5daf6d1c1c8a5b14060d2c67894aeb66b74bb868709d68394c9404bf8c10656a9568d83bde4d12d60e8
- Detect Neshta Payload
- Modifies system executable filetype association
- Neshta: Malware from the Neshta family injects itself into other files in order to spread and cause damage.
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Downloads MZ/PE file
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.