General

  • Target

    835a2d19698f5ac78ff27746b78837a6a66150e49c1fcc87fec54fee6482d36e

  • Size

    1.1MB

  • Sample

    221127-f6sdmace98

  • MD5

    613c877e46ca838faef8334961e71b15

  • SHA1

    5915b6cecd79bf8ecf29ac03f0a45334b6e5fbbc

  • SHA256

    73801baa28785c295686c51154e9d8b91e1d249808a003dbbbee97de33d5228d

  • SHA512

    8fe98c0026aee3bc232fc84cbb827effddcb45878d6866745918066b19fbcf42f3e14833c78121647821f2972ed1d5d2c32fa985f94401c52ad77428280b1b01

  • SSDEEP

    24576:oT5oniNvHZlzbjB+dQz+gIqbm/fgMvHWxp0jBcHGffg9YmWiyJ8p:G5onSlvNeZqbmQIhCifC1yE

Malware Config

Targets

    • Target

      835a2d19698f5ac78ff27746b78837a6a66150e49c1fcc87fec54fee6482d36e

    • Size

      1.1MB

    • MD5

      e085e748221b5b6f32af4337de1db53d

    • SHA1

      30c677c2773a6fffa6cf6ded75a3a9fbfbb3dd3d

    • SHA256

      835a2d19698f5ac78ff27746b78837a6a66150e49c1fcc87fec54fee6482d36e

    • SHA512

      6c67769778e45fafc3700e1fcb5572b3217109dee7f811c1e0e81b44ee87a9802e529da6eba0f95ee010650637994fdead4aed072e602c00fb62efaa4d8df698

    • SSDEEP

      24576:SRBrzwX0YmJI8DRnCD4jtnT8Q1r0ly78ipwR7H:kJzdnm4lT8Q1r0pieR7H

    • Modifies system executable filetype association

    • Neshta

      Malware from the Neshta family infects other executable files with copies of itself in order to spread and cause damage.

    • xmrig

      XMRig is a high-performance, open-source, cross-platform CPU/GPU miner.

    • XMRig Miner payload

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

MITRE ATT&CK Enterprise v6

Tasks