General

  • Target

    e8f0b67861705801676cf4ad8edddcc6ee3233d4aa367ea3191bc8a080a49e00.exe

  • Size

    45KB

  • Sample

    221019-3fmf1sdafj

  • MD5

    c4c4bcf2646caf649c30f037f4e6065f

  • SHA1

    2ccd7762f43c258aef4fe5160239e7251962412e

  • SHA256

    e8f0b67861705801676cf4ad8edddcc6ee3233d4aa367ea3191bc8a080a49e00

  • SHA512

    8bb05f80a457e2fd8695d870544d30fe069fb200198fe7102b6b284e405efbe7bd622c6ff9863e58790a87f024cc23916eeb4d9b5547afa05d08285756dae265

  • SSDEEP

    768:qkBy+xPvm5dxZj3B95Jr8qHUiljyEPdr/F05ccxGhZhzooqRrIbH:qkMRdxZLB95Jwot7Pd7EGfhkoqVI

Malware Config

Targets

    • Detect Neshta payload

    • Modifies system executable filetype association

    • Neshta

      Malware from the Neshta family infects other executable files in order to spread and cause damage.

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

    • Executes dropped EXE

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks