General

  • Target

    8a8c22f532003426966f40a78e7bf11a0cde251f995dadf7e1a65e8c81c9008e

  • Size

    184KB

  • Sample

    220206-rdlwxsaghp

  • MD5

    a20266a221a0ff375f736e2a9571799f

  • SHA1

    7a4cce738022c8029c3d1b4f5e7266cd6ac4a48a

  • SHA256

    8a8c22f532003426966f40a78e7bf11a0cde251f995dadf7e1a65e8c81c9008e

  • SHA512

    3d0182207619d036d944266c7ef50bd97ff2389d4add1ff266a59401ff743aa7dd2c53372b30f4f145431c06aea981f71855c0ff751a6d3a02153ebb06935abe

Malware Config

Targets

    • Target

      ORDER-021406_pdf.jar

    • Size

      115KB

    • MD5

      9b1704c9472dec7f1a64667093192a29

    • SHA1

      0412046a5e917a5773043db094e6088897e00519

    • SHA256

      0f081b6ad1242ba0528e7f7058c0f98ec52299272d63844735fa6574ba7ecb85

    • SHA512

      c26b7b6a9ac198f55cf1b832557cc71d03a4fdec0c3f754d1b8762fee359c4191905904e6ebaebf0abfc16c710912437c9ceb6527b5c43ae17996b46368962a1

    • Detect Neshta Payload

    • Modifies system executable filetype association

    • Neshta

      Malware from the Neshta family infects other executable files in order to spread itself and cause damage.

    • Suspicious use of NtCreateProcessExOtherParentProcess

    • suricata: ET MALWARE DTLoader Binary Request M2

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Target

      Order.xlsx

    • Size

      7KB

    • MD5

      babea5182cea94bafda9a125c71f0b33

    • SHA1

      fa449309136bb8d7a05ccab8aec4c2d85d2e6f65

    • SHA256

      1f1bf58d07b84d0981d6226e8a9cce01526f37b1ca8472f66398b2fa370c8e72

    • SHA512

      d7d6d0fe02508dcd3705384c205b69f128a75f4196ab0f14be820b007f0c097d3490b73fffc93a81c855645fa1a28a63f8027baa68fee56efe959810e2476297

    Score
    4/10

MITRE ATT&CK Enterprise v6

Tasks