Resubmissions

28-05-2022 09:40

220528-lnm9vaggek 10

26-05-2022 13:49

220526-q4qr5abhh8 10

General

  • Target

    Petya.exe

  • Size

    266KB

  • Sample

    220526-q4qr5abhh8

  • MD5

    505e38e344f45ea9ff9c9b560d851c1e

  • SHA1

    c5e934de62fbbad105eef0ec1b533ca00aba05b0

  • SHA256

    4d8e5e85b3d49509eab8e7ffebad940147ed950fcddab60e8a13409dfc2b8fc5

  • SHA512

    6dcc186c7e71fbd104eb0c29777525e59c43aaa6a6e6a439ae2805e1f8d1589c200ce7b5cb622519b9ad8f4480615e8e980132b617e944c3017462a411898689

Malware Config

Targets

    • Target

      Petya.exe

    • Size

      266KB

    • MD5

      505e38e344f45ea9ff9c9b560d851c1e

    • SHA1

      c5e934de62fbbad105eef0ec1b533ca00aba05b0

    • SHA256

      4d8e5e85b3d49509eab8e7ffebad940147ed950fcddab60e8a13409dfc2b8fc5

    • SHA512

      6dcc186c7e71fbd104eb0c29777525e59c43aaa6a6e6a439ae2805e1f8d1589c200ce7b5cb622519b9ad8f4480615e8e980132b617e944c3017462a411898689

    • Modifies system executable filetype association

    • Neshta

      Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

MITRE ATT&CK Enterprise v6

Tasks