General

  • Target

    854b3cf53fce89b4398775b3f589e953c5c82f692708a4fa64b761a6813cd994

  • Size

    403KB

  • Sample

    220124-b31tdahffl

  • MD5

    ee9c423911d2f60c3c1a7f6e0fec4754

  • SHA1

    9af221a60874ac7b7e80ee33ff6d3ad1f9b62c9a

  • SHA256

    854b3cf53fce89b4398775b3f589e953c5c82f692708a4fa64b761a6813cd994

  • SHA512

    98abb5218f35e9204f48f373adc95827a811956cb38453846ec33aac9beeb8771dadc4fd6533119ebfb0bba2730030f03514317215cfc925adafbe80f4ea7eb4

Malware Config

Targets

    • Target

      854b3cf53fce89b4398775b3f589e953c5c82f692708a4fa64b761a6813cd994

    • Size

      403KB

    • MD5

      ee9c423911d2f60c3c1a7f6e0fec4754

    • SHA1

      9af221a60874ac7b7e80ee33ff6d3ad1f9b62c9a

    • SHA256

      854b3cf53fce89b4398775b3f589e953c5c82f692708a4fa64b761a6813cd994

    • SHA512

      98abb5218f35e9204f48f373adc95827a811956cb38453846ec33aac9beeb8771dadc4fd6533119ebfb0bba2730030f03514317215cfc925adafbe80f4ea7eb4

    • Detect Neshta Payload

    • Modifies system executable filetype association

    • Neshta

      Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.

    • Sodin,Sodinokibi,REvil

      Ransomware with advanced anti-analysis and privilege escalation functionality.

    • Sodinokibi/Revil sample

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

MITRE ATT&CK Matrix ATT&CK v6

Persistence

Change Default File Association

1
T1042

Defense Evasion

Modify Registry

1
T1112

Credential Access

Credentials in Files

1
T1081

Discovery

System Information Discovery

1
T1082

Collection

Data from Local System

1
T1005

Tasks