Overview

overview

10

Static

static

10

af95f41f73...63.exe

windows10-2004-x64

10

Resubmissions

29-12-2022 04:20

221229-eyjk3scc89 10

03-12-2022 20:59

221203-zs4z2sec45 10

27-11-2022 10:11

221127-l798qahd89 10

26-11-2022 11:26

221126-njy7naea9t 10

26-11-2022 11:26

221126-njvjgaea8y 10

26-11-2022 11:25

221126-njsd4sbb98 10

26-11-2022 11:25

221126-njj3qsbb88 10

26-11-2022 11:22

221126-ng1byaea3x 10

26-11-2022 11:17

221126-ndsgxsdg9y 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    af95f41f73e451c4d1f5fd8acdd0c863.exe

  • Size

    1.1MB

  • Sample

    221203-zs4z2sec45

  • MD5

    af95f41f73e451c4d1f5fd8acdd0c863

  • SHA1

    55c03b064063d15af1eb9bdb766bd90ec9b6f8c4

  • SHA256

    2bf85967fb9126459be466a7ecbdbaa32bd1ec69e6cbee24a295852fff807b05

  • SHA512

    f50d479038f16a60b0ef4f8670d0dcbf7016c96ef12fae08bc9448fed2d61a679844815c48c2b1a65464ba71c006d9ae63c2baf47c7ee3398323ed3077a31bb3

  • SSDEEP

    24576:mRBrzwX0YmJI8DRnCD4jtnT8Q1r0ly78ipwR7H:gJzdnm4lT8Q1r0pieR7H

Score
10/10
neshtaxmrigminerpersistencespywarestealerupx

Malware Config

Targets

    • Target

      af95f41f73e451c4d1f5fd8acdd0c863.exe

    • Size

      1.1MB

    • MD5

      af95f41f73e451c4d1f5fd8acdd0c863

    • SHA1

      55c03b064063d15af1eb9bdb766bd90ec9b6f8c4

    • SHA256

      2bf85967fb9126459be466a7ecbdbaa32bd1ec69e6cbee24a295852fff807b05

    • SHA512

      f50d479038f16a60b0ef4f8670d0dcbf7016c96ef12fae08bc9448fed2d61a679844815c48c2b1a65464ba71c006d9ae63c2baf47c7ee3398323ed3077a31bb3

    • SSDEEP

      24576:mRBrzwX0YmJI8DRnCD4jtnT8Q1r0ly78ipwR7H:gJzdnm4lT8Q1r0pieR7H

    Score
    10/10
    neshtaxmrigminerpersistencespywarestealerupx

    • Detect Neshta payload

    • Modifies system executable filetype association

      persistence

    • Neshta

      Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.

      persistencespywareneshta

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • XMRig Miner payload

      miner

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer
    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Change Default File Association

1
T1042

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Credentials in Files

1
T1081

Discovery

Query Registry

4
T1012

System Information Discovery

5
T1082

Peripheral Device Discovery

1
T1120

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Tasks