General

  • Target

    91da0c134350b0c47432593bf1d6d09bab05aa076c94c16cea90404fadbfed7c

  • Size

    2.0MB

  • Sample

    220524-dlqyysded8

  • MD5

    dc4987d67367520d42467a4c74ccbd7d

  • SHA1

    1f86f81c05502bed9a28768757515dcb43fa6fb0

  • SHA256

    91da0c134350b0c47432593bf1d6d09bab05aa076c94c16cea90404fadbfed7c

  • SHA512

    c8922242702410a508dd3e73e5db8e498fd635671ed51b468164e9003a603f9446980061a4ba34260aeb9fc4072e68af6ed6cbe77fefca641329a97097a3a5f1
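To sweep a host or a sample repository for this file, compute the digests in one pass over each file and compare them against the report's hash table. This is an added example, not part of the Triage report: the IOC values are copied from the table above, and the byte strings used in the demonstration are constructed.

```python
import hashlib
import io
import sys
from typing import BinaryIO

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")

# Hashes of the analysed sample, copied from the report above.
REPORT_IOCS = {
    "md5": "dc4987d67367520d42467a4c74ccbd7d",
    "sha1": "1f86f81c05502bed9a28768757515dcb43fa6fb0",
    "sha256": "91da0c134350b0c47432593bf1d6d09bab05aa076c94c16cea90404fadbfed7c",
    "sha512": "c8922242702410a508dd3e73e5db8e498fd635671ed51b468164e9003a603f94"
              "46980061a4ba34260aeb9fc4072e68af6ed6cbe77fefca641329a97097a3a5f1",
}


def digest_stream(stream: BinaryIO, chunk_size: int = 1 << 20) -> dict:
    """Compute all four digests plus the byte count in a single pass, so a
    large file is read once rather than once per algorithm."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    size = 0
    while chunk := stream.read(chunk_size):
        size += len(chunk)
        for h in hashers.values():
            h.update(chunk)
    result = {name: h.hexdigest() for name, h in hashers.items()}
    result["size"] = size
    return result


def digest_bytes(data: bytes) -> dict:
    """Convenience wrapper for in-memory data (used by the demonstration)."""
    return digest_stream(io.BytesIO(data))


def digest_file(path: str) -> dict:
    with open(path, "rb") as f:
        return digest_stream(f)


def match_iocs(digests: dict, iocs: dict = REPORT_IOCS) -> list:
    """Algorithms whose digest equals the IOC value. Hex case varies between
    report sources, so the comparison is case-insensitive."""
    return [
        name for name in ALGORITHMS
        if name in iocs and digests.get(name, "").lower() == iocs[name].lower()
    ]


def iocs_consistent(digests: dict, iocs: dict = REPORT_IOCS) -> bool:
    """A genuine match hits every listed algorithm and a non-match hits none.
    A partial hit means the IOC table mixes hashes of different files (a
    common copy-paste error) or, for MD5/SHA1 alone, a possible collision."""
    listed = [name for name in ALGORITHMS if name in iocs]
    hits = match_iocs(digests, iocs)
    return len(hits) in (0, len(listed))


if __name__ == "__main__":
    # Usage: python ioc_hash_check.py <file> [<file> ...]
    for path in sys.argv[1:]:
        d = digest_file(path)
        hits = match_iocs(d)
        if not hits:
            verdict = "no match"
        elif iocs_consistent(d):
            verdict = "MATCH"
        else:
            verdict = "PARTIAL match, check the IOC table"
        print(f"{path}: {d['size']} bytes sha256={d['sha256']} -> {verdict}")
```

The consistency check is the caveat worth keeping: when only one of four digests lines up, trust neither the "hit" nor the table until you have re-copied the hashes from the source.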

Targets

    • Target

      91da0c134350b0c47432593bf1d6d09bab05aa076c94c16cea90404fadbfed7c

    • ElysiumStealer

      ElysiumStealer (previously known as ZeromaxStealer) is an information stealer that harvests login credentials for a range of accounts.

    • ElysiumStealer Payload

    • ElysiumStealer Support DLL

    • Modifies system executable filetype association

    • Neshta

      Neshta is a file-infecting virus: it writes its own code into other executable files so that it spreads whenever those files are run, damaging the infected system in the process.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence to avoid running in certain regions.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers routinely read stored browser profile data, which can include saved credentials, cookies and autofill entries.
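The "Modifies system executable filetype association" behaviour above is worth checking for directly on a suspect host: whatever program is named before the "%1" placeholder in the exefile open command runs every time any .exe is launched. The check below is an added example, not code from Triage or from the malware authors. The stock value `"%1" %*` and the fact that HKCU\Software\Classes overrides HKLM are facts about Windows itself, not statements from this report; the tampered registry values in SAMPLE_VALUES are constructed paths, not indicators for this sample.

```python
import os
import re
import sys

# Stock Windows value of HKLM\SOFTWARE\Classes\exefile\shell\open\command.
# A fact about Windows, not something stated in the report.
STOCK_EXEFILE_COMMAND = '"%1" %*'

# Constructed registry values for demonstration. The interposed paths are
# made up and are not indicators from this report.
SAMPLE_VALUES = {
    "stock": '"%1" %*',
    "stock, odd spacing": '  "%1"   %*  ',
    "interposed, bare path": r'C:\Windows\dropped.com "%1" %*',
    "interposed, quoted path": r'"C:\ProgramData\Stub\launcher.exe" "%1" %*',
    "empty": "",
}


def normalise(command: str) -> str:
    """Collapse whitespace so spacing tricks do not defeat the comparison."""
    return " ".join(command.strip().split())


def assess_exefile_command(command: str) -> dict:
    """Classify an exefile open command.

    Any program named before the "%1" placeholder is launched every time the
    user runs any .exe, which is how a file infector or loader hijacks the
    association; that program is returned so it can be pulled for analysis."""
    cmd = normalise(command)
    if not cmd:
        return {"status": "empty", "program": None}
    # First token: either a double-quoted path or a bare run of non-spaces.
    m = re.match(r'"([^"]+)"|(\S+)', cmd)
    first = m.group(1) or m.group(2)
    if first == "%1":
        return {"status": "stock", "program": None}
    return {"status": "interposed", "program": first}


def read_live_exefile_commands() -> dict:
    """Read the association from both hives; HKCU\\Software\\Classes takes
    precedence over HKLM, so a per-user hijack must be checked as well.
    Returns {} off Windows so the module stays importable elsewhere."""
    if sys.platform != "win32":
        return {}
    import winreg  # Windows-only module
    found = {}
    for hive_name, hive in (("HKCU", winreg.HKEY_CURRENT_USER),
                            ("HKLM", winreg.HKEY_LOCAL_MACHINE)):
        try:
            with winreg.OpenKey(hive, r"Software\Classes\exefile\shell\open\command") as key:
                value, _kind = winreg.QueryValueEx(key, "")
        except OSError:
            continue  # hive has no such key, or access denied
        found[hive_name] = os.path.expandvars(value)
    return found


if __name__ == "__main__":
    # On Windows, assess the live values; elsewhere, walk the constructed samples.
    live = read_live_exefile_commands()
    for label, value in (live or SAMPLE_VALUES).items():
        verdict = assess_exefile_command(value)
        print(f"{label:26} {verdict['status']:10} {verdict['program'] or ''}")
```

An "interposed" verdict gives you the path to collect next; "empty" is also abnormal, since nothing would launch .exe files at all. Pair the check with the "Executes dropped EXE" and "Loads dropped DLL" signatures above to locate the files that the hijacked association points at.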
