General

  • Target

    835a2d19698f5ac78ff27746b78837a6a66150e49c1fcc87fec54fee6482d36e

  • Size

    1.1MB

  • Sample

    221127-z2nz7ahg42

  • MD5

    abee52fb250c193c6e773fb64ec73b32

  • SHA1

    b8cf7c27bba8f1873cffc20b1b1994581f2cd347

  • SHA256

    4c9896a080291068b9bc82f442a409570be38e5e42f90230f12a2390c2691caa

  • SHA512

    71191c4e994be63d64bdf6390ff091ac272ec6da6b2a6e5cb7e3f9a9a886503034504cc9544d17ba939e170222cb65f2cafc064f5bacd08003d5ead2c70f579f

  • SSDEEP

    24576:0T5oniNvHZlzbjB+dQz+gIqbm/fgMvHWxp0jBcHGffg9YmWiyJ81:S5onSlvNeZqbmQIhCifC1yo

Malware Config

Targets

    • Target

      835a2d19698f5ac78ff27746b78837a6a66150e49c1fcc87fec54fee6482d36e

    • Size

      1.1MB

    • MD5

      e085e748221b5b6f32af4337de1db53d

    • SHA1

      30c677c2773a6fffa6cf6ded75a3a9fbfbb3dd3d

    • SHA256

      835a2d19698f5ac78ff27746b78837a6a66150e49c1fcc87fec54fee6482d36e

    • SHA512

      6c67769778e45fafc3700e1fcb5572b3217109dee7f811c1e0e81b44ee87a9802e529da6eba0f95ee010650637994fdead4aed072e602c00fb62efaa4d8df698

    • SSDEEP

      24576:SRBrzwX0YmJI8DRnCD4jtnT8Q1r0ly78ipwR7H:kJzdnm4lT8Q1r0pieR7H

    • Modifies system executable filetype association

    • Neshta

      Malware from the Neshta family infects other executable files in order to spread itself and cause damage.

    • xmrig

      XMRig is a high-performance, open-source, cross-platform CPU/GPU miner.

    • XMRig Miner payload

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

MITRE ATT&CK Enterprise v6