General

  • Target

    1553c72c054079021dafe5e75485d40a54190c0ef703c1f3cff2562f672dd083

  • Size

    372KB

  • Sample

    221125-wtgpcshb61

  • MD5

    5b6ac5009f673f832cfe8d8c03d778d7

  • SHA1

    8291a917109624de5d07613838726419debd2ec6

  • SHA256

    1553c72c054079021dafe5e75485d40a54190c0ef703c1f3cff2562f672dd083

  • SHA512

    3199749f96685c37a33e52b35c87ef612cd1d21dadf941b28b36397ec182abc2b24989132e891895dba93c5bf5338fc64959391bec72d4695b3caa1ccd6ecc59

  • SSDEEP

    6144:c3zrxfCHUjFKAFy8vYMpZ2maXeeeCOQa/H6Jv4rsGS71HL/CBniKYTmQkVKFDGuG:+xqilFy8heeT/Qv4rDS7RL/+iKYyQz/G

Malware Config

Targets

    • Target

      Monkey Island Crypter/Island.exe

    • Size

      88KB

    • MD5

      d9a9ea1c848793138f91e029122a3c64

    • SHA1

      95b4c2d7c98948ce1773e90ec4740fe132e34350

    • SHA256

      da2aacbd755c284e1122aac8fd3ca5772cce04a13c5c62119770aa1cf3687d87

    • SHA512

      73f290a45cfe68aba845297222ada09160fc607f0d1d6dfb0bebae9918295df4127a425a7ff70fa9c4c4ea49a4e430788f436cf7c234ea65bf828d2bb422f6cb

    • SSDEEP

      768:eyxqjQl/EMQt4Oei7RwsHxyP7nbxzOQdJ1zOXhN2Mnsk2yg3fZ9+Rj3qDHLxdc0:JxqjQ+P04wsmJCmzOm9+Z3qDFS

    • Modifies system executable filetype association

    • Neshta

      Neshta is a file infector: it prepends its own code to other .exe files so that launching an infected program also runs the virus, and it rewrites the .exe file-type association so it is started before any executable. The "Modifies system executable filetype association" hit above is that hook.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, which is typically used as a geofence (refusing to run in certain locales).

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers commonly harvest stored browser data, which can include saved credentials, cookies and autofill entries.

    • Target

      Monkey Island Crypter/Merged.exe

    • Size

      455KB

    • MD5

      9b94fed379a1df2b83fdbef292a5c2ef

    • SHA1

      6b6e18e90afaa434b7d8a5dbc27a187b71324180

    • SHA256

      f6adf8932350281f08f2357eb2ed14d2e2ace877b33f8e1d521c9ab04f227643

    • SHA512

      c5b4c1ab96ebebe32c9dd43a6832176b70ec0e3ee0c7cf6f78c55989e6be2648f21fa6b0af6db96e52b54c4fa7c1d86c65afc8c465e262496e5d7b731d349cdc

    • SSDEEP

      12288:mU9sjjUzqAApXhTRhGgJpcmWnour2ub2IxyuK79+:pzKX9R8gJpcmqoDumuKI

    • Detect Neshta payload

    • Modifies system executable filetype association

    • Neshta

      Neshta is a file infector: it prepends its own code to other .exe files so that launching an infected program also runs the virus, and it rewrites the .exe file-type association so it is started before any executable. The "Modifies system executable filetype association" hit above is that hook.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, which is typically used as a geofence (refusing to run in certain locales).

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers commonly harvest stored browser data, which can include saved credentials, cookies and autofill entries.
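The two behaviours that matter most for responders here are the known-sample hashes and the hijacked .exe association. The script below is an added example, not code from the sandbox or from the sample: it keeps the SHA-256 values listed in this report as an IOC set, hashes arbitrary file contents against them, and flags a non-default value of HKCR\exefile\shell\open\command (the stock Windows value is "%1" %*, and a file infector that hooks the association inserts its own program ahead of "%1"). The registry value strings in the demo are constructed, modelled on the shape Neshta is known to use; the function names are the author's own.

```python
import hashlib
import re
from pathlib import Path

# SHA-256 values copied from the report above: the 372KB archive and the two
# executables inside it. Any file whose digest lands in this set is a known sample.
KNOWN_SHA256 = {
    "1553c72c054079021dafe5e75485d40a54190c0ef703c1f3cff2562f672dd083",  # archive
    "da2aacbd755c284e1122aac8fd3ca5772cce04a13c5c62119770aa1cf3687d87",  # Island.exe
    "f6adf8932350281f08f2357eb2ed14d2e2ace877b33f8e1d521c9ab04f227643",  # Merged.exe
}

# Stock value of HKCR\exefile\shell\open\command on Windows.
DEFAULT_EXEFILE_COMMAND = '"%1" %*'

# Matches <program> "%1" [%*] with the program optionally quoted; the captured
# group is whatever has been interposed before the real executable.
_HIJACK_RE = re.compile(r'^"?(?P<prog>[^"]+?)"?\s+"%1"(?:\s+%\*)?$')


def file_digests(data: bytes) -> dict:
    """Return md5/sha1/sha256 hex digests of a byte string, as the report lists them."""
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256")}


def is_known_sample(data: bytes) -> bool:
    """True if the SHA-256 of the contents is one of the hashes in this report."""
    return hashlib.sha256(data).hexdigest() in KNOWN_SHA256


def scan_directory(root: str) -> list:
    """Hash every regular file under root and return the paths that match the IOC set."""
    hits = []
    for path in Path(root).rglob("*"):
        if path.is_file() and is_known_sample(path.read_bytes()):
            hits.append(str(path))
    return hits


def exefile_hijack(command: str):
    """Return the program interposed into the .exe association, or None if it is stock.

    A non-default value that does not even have the <program> "%1" shape is
    returned whole so the caller still sees it.
    """
    cmd = command.strip()
    if cmd == DEFAULT_EXEFILE_COMMAND:
        return None
    m = _HIJACK_RE.match(cmd)
    return m.group("prog") if m else cmd


if __name__ == "__main__":
    # Constructed demo values, not read from a real machine.
    for value in ('"%1" %*', r'C:\Windows\svchost.com "%1" %*'):
        print(repr(value), "->", exefile_hijack(value))
    print(file_digests(b"MZ constructed, not a real sample"))
```

On a live Windows host the value to feed exefile_hijack comes from the (Default) value of HKEY_CLASSES_ROOT\exefile\shell\open\command; HKEY_CURRENT_USER\Software\Classes\exefile overrides it if present, so check both. Anything other than None warrants pulling the interposed file and hashing it.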

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic             Technique                         ID      Count
  Persistence        Change Default File Association   T1042   2
  Defense Evasion    Modify Registry                   T1112   2
  Credential Access  Credentials in Files              T1081   2
  Discovery          Query Registry                    T1012   2
  Discovery          System Information Discovery      T1082   4
  Collection         Data from Local System            T1005   2

The IDs are ATT&CK v6; in current ATT&CK, T1042 maps to T1546.001 (Event Triggered Execution: Change Default File Association) and T1081 to T1552.001 (Unsecured Credentials: Credentials In Files).

Tasks