General

  • Target

    Spotify ProxyLess Brute Checker By ACTEAM V2.exe

  • Size

    3.4MB

  • Sample

    221001-j3evxaggbn

  • MD5

    0f54fdb60f126275dda468d137602e4f

  • SHA1

    5df5e97f70e872aca0461881771ecc1e0be2365f

  • SHA256

    acb9908a7cc8bc74176e39325e713a8640b0888ce70c2a99a1b92013a6d326dc

  • SHA512

    0dd51d3973282ccf6af897b4c967e5dfe2285628c6213ef991af39cf3af75ecbba7d4cbb673f1aab01627b3376076befcaa06e87195c61d66f861c57bd14edc8

  • SSDEEP

    49152:d0+EzLwW1T+Q0YjtwInMkQ8NlaVeuHFe4HzeHG:d0+Ev1TOYBwCGxHzem

Malware Config

Targets

    • Target

      Spotify ProxyLess Brute Checker By ACTEAM V2.exe

    • Detect Neshta payload

    • Modifies system executable filetype association

    • Neshta

      Malware from the Neshta family infects other executable files in order to spread and cause damage.

    • Executes dropped EXE

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Adds Run key to start application

    • Drops desktop.ini file(s)

MITRE ATT&CK Enterprise v6

Tasks