General

  • Target

    builder_v1.4.4.rar

  • Size

    18.3MB

  • Sample

    220816-l658daaeb7

  • MD5

    c8f8d09f5998a52ba875dd4584fe3590

  • SHA1

    8a00ebf5a50516e361c8029d28dda0edc4a712f4

  • SHA256

    c8e78c7bcb49127308f7f387a3b80fcdd18c351fcd31db3da319d95c661fad14

  • SHA512

    270c42d48aa43af5a2ab22b268f0fafb2d36c82f6567eb1887b677a87a0e0da07714a7d53b403229aaa7ab289682c9a8a90cd1d0e013dc66a7ea9a3c661d96b7

Malware Config

Targets

    • Target

      builder_v1.4.4/builder.exe

    • Size

      18.2MB

    • MD5

      0e86b4cc6706de7c7bb878aab6ca92ba

    • SHA1

      270f672f54110b1e36bfcb577823c746d7a85065

    • SHA256

      2a3e88cdaec25cc4da699fd5d2da45fd14c99894363d81b90b44f073d35134ca

    • SHA512

      bbbd0c630b552c03a7d93af6852f227d8613e4fd8955d9ccf3b70950301976497f7063fd3caed52f4ca9af114accd5a065da0c78f48946a5d018d166b6db0187

    • Detect Neshta payload

    • Modifies system executable filetype association

    • Neshta

      Malware from the Neshta family infects other executable files in order to spread and cause damage.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Modifies file permissions

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Legitimate hosting services abused for malware hosting/C2

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target

      builder_v1.4.4/pucker/CL_Debug_Log.txt

    • Size

      722KB

    • MD5

      43141e85e7c36e31b52b22ab94d5e574

    • SHA1

      cfd7079a9b268d84b856dc668edbb9ab9ef35312

    • SHA256

      ea308c76a2f927b160a143d94072b0dce232e04b751f0c6432a94e05164e716d

    • SHA512

      9119ae7500aa5cccf26a0f18fd8454245347e3c01dabba56a93dbaaab86535e62b1357170758f3b3445b8359e7dd5d37737318a5d8a6047c499d32d5b64126fc

    • Score

      1/10

MITRE ATT&CK Enterprise v6

Tasks