General

  • Target

    9be084ce0587d50c894f337439b0f93c42da949bb1aa7d98e1f86f9df37d8885

  • Size

    513KB

  • Sample

    220124-bwemkahfb4

  • MD5

    85ffc86df081fdc9c5d56546ec1303d9

  • SHA1

    890a52b1d59768fb66b563b3534650505d24c0c5

  • SHA256

    9be084ce0587d50c894f337439b0f93c42da949bb1aa7d98e1f86f9df37d8885

  • SHA512

    fa8dc635b1a745ef5db5debd424b08b287d16726c84d8e27885465da7689b73aa2dfc221747bda2083a989072f3bbda9694a932e3619819ec3cf0f051f5b3ebb

Malware Config

Targets

    • Target

      9be084ce0587d50c894f337439b0f93c42da949bb1aa7d98e1f86f9df37d8885

    • Size

      513KB

    • MD5

      85ffc86df081fdc9c5d56546ec1303d9

    • SHA1

      890a52b1d59768fb66b563b3534650505d24c0c5

    • SHA256

      9be084ce0587d50c894f337439b0f93c42da949bb1aa7d98e1f86f9df37d8885

    • SHA512

      fa8dc635b1a745ef5db5debd424b08b287d16726c84d8e27885465da7689b73aa2dfc221747bda2083a989072f3bbda9694a932e3619819ec3cf0f051f5b3ebb

    • Detect Neshta Payload

    • Modifies system executable filetype association

    • Neshta

      Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.

    • Sodin,Sodinokibi,REvil

      Ransomware with advanced anti-analysis and privilege escalation functionality.

    • Sodinokibi/Revil sample

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

MITRE ATT&CK Matrix ATT&CK v6

Persistence

Change Default File Association

1
T1042

Defense Evasion

Modify Registry

1
T1112

Credential Access

Credentials in Files

1
T1081

Discovery

System Information Discovery

1
T1082

Collection

Data from Local System

1
T1005

Tasks