General

  • Target

    15b50b46f2f9d3ce66c8903cb824bd761f420053b27878e5274091d94f33477c

  • Size

    601KB

  • Sample

    221014-f9ft1aaahm

  • MD5

    6f5cf6a91d5e6646fdf1a6653b8f2d20

  • SHA1

    375796e8858769812ed9ba79f386778016b1d32e

  • SHA256

    15b50b46f2f9d3ce66c8903cb824bd761f420053b27878e5274091d94f33477c

  • SHA512

    37304a28ee8542995f1e0cee9518654c781b36f127cc238db87370638623288dd8ad4d272ea147d6153a7cf5d305dacc3179237cb3e050a07fcfd46cfd1c82bd

  • SSDEEP

    12288:j9OczTX1g+ACjgJ5Q+ON9R4qeACjdXE1cVKB/5EJz6L/tIoTGgTV:RO2TlgLCI5LON9R4qXCd0mYESKoTGgTV

Malware Config

Extracted

Credentials

  • Protocol:
    smtp
  • Host:
    smtp.gmail.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    aa116666

Targets

    • Target

      15b50b46f2f9d3ce66c8903cb824bd761f420053b27878e5274091d94f33477c

    • Size

      601KB

    • MD5

      6f5cf6a91d5e6646fdf1a6653b8f2d20

    • SHA1

      375796e8858769812ed9ba79f386778016b1d32e

    • SHA256

      15b50b46f2f9d3ce66c8903cb824bd761f420053b27878e5274091d94f33477c

    • SHA512

      37304a28ee8542995f1e0cee9518654c781b36f127cc238db87370638623288dd8ad4d272ea147d6153a7cf5d305dacc3179237cb3e050a07fcfd46cfd1c82bd

    • SSDEEP

      12288:j9OczTX1g+ACjgJ5Q+ON9R4qeACjdXE1cVKB/5EJz6L/tIoTGgTV:RO2TlgLCI5LON9R4qXCd0mYESKoTGgTV

    • Modifies system executable filetype association

    • Neshta

      Malware from the Neshta family injects itself into other executable files in order to spread and cause damage.

    • Nirsoft

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified variant of it.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with FTP clients such as FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

MITRE ATT&CK Enterprise v6

Tasks