General

  • Target

    tmp

  • Size

    2.0MB

  • Sample

    221017-e4q74sagfn

  • MD5

    2e5d1fd3b13beaaa0a969d1f68569979

  • SHA1

    e92dbe14f515f3e970bbb78bb7100d10b9e5de07

  • SHA256

    f02cde071f1bddb816939dd05452e8f2fec41e355e1d11576ee45e691b3de325

  • SHA512

    f6eddff64fec5f707fe7fbf2e959b08109f90b58ea7bb8ca38d7f7613d8d2cf91a93d74b8576b41f3f3b7b1c44314f6591dd9c27aecda67c406619987189c22d

  • SSDEEP

    49152:+TeFwrBajqBtKfiLzXBbsC9AKI2AAjQlkPslZ:+8qPCivXBdDI27GZ

Targets

    • Target

      tmp

    • Detect Neshta payload

    • Modifies system executable filetype association

    • Neshta

      Neshta is a file infector: it prepends its own body to other executables so that every infected program spreads it further, and it redirects the system's exefile open command through a dropped copy of itself so that it runs before each .exe launch (which is what the filetype-association signature above reflects).

    • xmrig

      XMRig is a high-performance, open-source, cross-platform CPU/GPU miner; its detection here means the sample carries a coin-mining payload alongside the file infector.

    • XMRig Miner payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely to geofence execution to or away from particular regions.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers commonly target stored browser data, which can include saved credentials, cookies and autofill entries.
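The "Modifies system executable filetype association" signature and the Neshta tag above describe one mechanism: rewriting the exefile shell-open command so something else runs before every .exe. The check below is an added example, not code from the sandbox report or from any tool it names. It classifies that registry value; the registry path, the function names and the sample values are this example's own assumptions, and the constructed "interposed" values only show the shape of such a hijack (the paths are illustrative, not taken from this sample).

```python
"""Triage check for a redirected 'exefile' shell-open association.

Added example (assumption: the value lives at
HKLM\\SOFTWARE\\Classes\\exefile\\shell\\open\\command, default value).
On a clean system that value is exactly  "%1" %*  : launch the target
with its arguments.  A file infector that wants to run first inserts its
own path before the "%1" placeholder.
"""
import shlex
import sys

DEFAULT_EXEFILE_TOKENS = ["%1", "%*"]

# Constructed sample values for offline use; the paths are illustrative.
CONSTRUCTED_SAMPLES = {
    "clean": '"%1" %*',
    "interposed": '"C:\\Windows\\svchost.com" "%1" %*',
    "interposed-expandsz": '%SystemRoot%\\svchost.com "%1" %*',
    "no-placeholder": "cmd.exe /c start",
}


def parse_exefile_command(value):
    """Split a registry command string into tokens.

    shlex in non-POSIX mode keeps Windows backslashes literal and treats a
    quoted path as one token; the surrounding quotes are then stripped.
    """
    lexer = shlex.shlex(value, posix=False)
    lexer.whitespace_split = True
    return [tok.strip('"') for tok in lexer]


def classify_exefile_command(value):
    """Return a short verdict string for the given command value.

    'default'                      -> stock  "%1" %*
    'interposed: <program>'        -> something runs before the target
    'nonstandard, nothing interposed' -> e.g. '"%1"' (arguments dropped)
    'no %1 placeholder'            -> the target is not launched at all
    """
    tokens = parse_exefile_command(value)
    if tokens == DEFAULT_EXEFILE_TOKENS:
        return "default"
    if "%1" not in tokens:
        return "no %1 placeholder"
    interposed = tokens[: tokens.index("%1")]
    if not interposed:
        return "nonstandard, nothing interposed"
    return "interposed: " + " ".join(interposed)


def read_exefile_command():
    """Read the live value on Windows; return None on other platforms."""
    if sys.platform != "win32":
        return None
    import winreg  # only available on Windows

    key_path = r"SOFTWARE\Classes\exefile\shell\open\command"
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, key_path) as key:
        value, _ = winreg.QueryValueEx(key, "")  # "" selects the default value
        return value


if __name__ == "__main__":
    live = read_exefile_command()
    samples = {"live": live} if live is not None else CONSTRUCTED_SAMPLES
    for name, value in samples.items():
        print(f"{name:22s} {value!r:45s} -> {classify_exefile_command(value)}")
```

On a Windows host the script inspects the real value; elsewhere it runs over the constructed samples so the classifier can be exercised offline. Anything reported as "interposed" deserves the same scrutiny as the dropped files listed in the report, since that program is executed on every .exe launch.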
