General

  • Target

    Pw_External.exe

  • Size

    1016KB

  • Sample

    220908-t68x9sccbk

  • MD5

    b51bbbef95e592e828a96265e1f4a1a3

  • SHA1

    8a5d42651cb0b31879b58c1fefdec63f7ca6a9d2

  • SHA256

    7fb53defbc52a007babaadac3bb8371cca58c0c3ffdf74572bd60515ac0f2578

  • SHA512

    ff228a28377a0a6a2d13922ea9e3ec6370b81262987cd0e96502058a7950971e70fde4f7fec0f3d7cf616a30965d2b795292da9d950180a5d3f0fba14b0efbe7

  • SSDEEP

    24576:/w+uVptKNyhFk4EaKLDTBgQWpE5reR38E3xRKe:Y+uVptJXEaKLDT1GCreR39Ke

Malware Config

Targets

    • Detect Neshta payload

    • Modifies system executable filetype association

    • Neshta

      Malware from the Neshta family infects other executable files in order to spread itself and cause damage.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks