aa49729965e546407fb7295d3ec68fd60ef327ce6c1047b71b0236de7925cb44

General

Target: aa49729965e546407fb7295d3ec68fd60ef327ce6c1047b71b0236de7925cb44

Size: 6MB

Sample: 211231-llh74sggd8

Score: 10/10

MD5: 120e6c560c8582338b97bc1112703588

SHA1: 4017ad3a595577f006273315a927764d6bf53941

SHA256: aa49729965e546407fb7295d3ec68fd60ef327ce6c1047b71b0236de7925cb44

SHA512: 92c7f20c9b9b4ab36a5bd189aa7dcf76d38b5c13b40be2c65b5fa7f865a0c7bfd196cc8f7437f0c7a36e135c74f42381e2572a9d4804e7b6cec1541fdc05929d


Signatures

  • Detect Neshta Payload

  • Modifies system executable filetype association

    TTPs: Modify Registry; Change Default File Association

  • Neshta

    Description: Malware from the Neshta family infects other files with copies of itself in order to spread and cause damage.

  • xmrig

    Description: XMRig is a high-performance, open-source, cross-platform CPU/GPU miner.

  • Detected Stratum cryptominer command

    Description: The sample appears to be attempting to contact a Stratum mining pool.

  • XMRig Miner Payload

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Description: Infostealers often target stored browser data, which can include saved credentials and similar information.

    TTPs: Data from Local System; Credentials in Files
