General

  • Target

    d14bc0cfe5345e025dc625022b09f62dc9c6f07ab076e179a876868c1e82584c

  • Size

    422KB

  • Sample

    220124-bchvwahban

  • MD5

    634cad63b4d7986c85de6c3cb5ada371

  • SHA1

    1eb538de67993bb7ffed7ea8d260043b01981371

  • SHA256

    d14bc0cfe5345e025dc625022b09f62dc9c6f07ab076e179a876868c1e82584c

  • SHA512

    befc4519778df90cff50e7f33f95aed27032a76b3e7cbccf564e7dabf6b818c99d5960385dc9a6ef5da1f450e372d43c7cf52a8c374656463263b907d6469c62

Malware Config

Targets

    • Detect Neshta Payload

    • Modifies system executable filetype association

    • Neshta

      Neshta is a file infector: it injects itself into other files to spread and cause damage.

    • Sodin, Sodinokibi, REvil

      Ransomware with advanced anti-analysis and privilege escalation functionality.

    • Sodinokibi/REvil sample

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive profile information.

MITRE ATT&CK Matrix (ATT&CK v6)

Tactic             Technique                         Count  ID
Persistence        Change Default File Association   1      T1042
Defense Evasion    Modify Registry                   1      T1112
Credential Access  Credentials in Files              1      T1081
Discovery          System Information Discovery      1      T1082
Collection         Data from Local System            1      T1005