General

  • Target

    f5eb9dc17ffae0404f956e34fd697c5359de1d8f81afb2b9ed60eef16cf9daa1

  • Size

    1.0MB

  • Sample

    220625-fvzzbshff7

  • MD5

    6b233fdc5dd1612e5af89d1b8f8cd0dc

  • SHA1

    cedff03c2c9d0efd97970ba245ef69865191d826

  • SHA256

    f5eb9dc17ffae0404f956e34fd697c5359de1d8f81afb2b9ed60eef16cf9daa1

  • SHA512

    64d1778181856a03ef4c8cca3daee1dd9867ebee77f1f806f4c8245005fcb69701b445751d1271e5d98a6a84fe9a2533a294fbbae49bb8de60b2cab743f97560

Malware Config

Targets

    • Parasite, Nexus

      Parasite (or Nexus) is an infostealer written in C++.

    • suricata: ET MALWARE Generic Request to gate.php Dotted-Quad

    • suricata: ET MALWARE Nexus Stealer CnC Data Exfil

    • suricata: ET MALWARE Trojan Generic - POST To gate.php with no accept headers

    • suricata: ET MALWARE Trojan Generic - POST To gate.php with no referer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v6

Tasks