General

  • Target

    b4a4fc9b41bee1f4d9b16eb88bc400041118ca631edde4cf17ccf6ca8a8a763c

  • Size

    2.0MB

  • Sample

    220524-bs9zasbfe9

  • MD5

    696bfbd43c13ca196d0d70e5855e66e4

  • SHA1

    050da294044a547592efb5dee475196d2c71d869

  • SHA256

    b4a4fc9b41bee1f4d9b16eb88bc400041118ca631edde4cf17ccf6ca8a8a763c

  • SHA512

    c36b4c5cc4de42a8ca16c1fb2594270db881ce9332a7cd1bd9a695b74008602c0ddef03882c1134aed273d5040b885613956851a58e8c880ba23c18258902058

Malware Config

Targets

    • Parasite, Nexus

      Parasite (or Nexus) is an infostealer written in C++.

    • suricata: ET MALWARE Generic Request to gate.php Dotted-Quad

    • suricata: ET MALWARE Nexus Stealer CnC Data Exfil

    • suricata: ET MALWARE Trojan Generic - POST To gate.php with no accept headers

    • suricata: ET MALWARE Trojan Generic - POST To gate.php with no referer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks