General

  • Target

    42a45226999ec8bf234e2048ebfc69b7f5660ceaf61106479b5591f221157952

  • Size

    1.8MB

  • Sample

    220525-b15pjsadgl

  • MD5

    2bcf972b2bd990c2f5f50c7fe56ebb11

  • SHA1

    34a22acdfbc04328342c68a44f112bfabad5d572

  • SHA256

    42a45226999ec8bf234e2048ebfc69b7f5660ceaf61106479b5591f221157952

  • SHA512

    c691e4d36f8f00d5be77a3502ec01dfdc5286b8558bb78b99b3a2ad301838ecf42a843ae314b91fa2b1dd5a71668dd3874a7dd8448958e41bc2fdb4c2941b701

Malware Config

Targets

    • Parasite, Nexus

      Parasite (or Nexus) is an infostealer written in C++.

    • suricata: ET MALWARE Generic Request to gate.php Dotted-Quad

    • suricata: ET MALWARE Nexus Stealer CnC Data Exfil

    • suricata: ET MALWARE Trojan Generic - POST To gate.php with no accept headers

    • suricata: ET MALWARE Trojan Generic - POST To gate.php with no referer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive profile data.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks