neshta

General

Target

SQLi_Dumper.rar
Size

4.4MB
Sample

240822-ywry8avhlb
MD5

c844dbd74cc3a75f26375d7f5ae22e2c
SHA1

812a3ea938525a0fa662336ba6098d859a8740e8
SHA256

a9e37d93c75519978a510dbfd6ff292339783062acb18ee95cb6df5f65978cda
SHA512

81a1f29bd4ac1bc3869699e7a8ab990de07fc29a7b1ed4392db0f5ba5f14f9571ea77d61ebb177f591945b8c15e64b4368237e93db6878fa5a85baf15d3d88cd
SSDEEP

98304:BX4A3EfxCzIznluLrShKZhOVJ1IaCX05aMEMpwlpI6J6FGHhr5x:2A8CzolqrRhOAXqapXdikz

Score

10^/10

Malware Config

Extracted

Family

redline

Botnet

9-23h

C2

135.236.96.237:1912

Targets

- Target
  
  SQLi_Dumper/ChilkatDotNet2.dll
- Size
  
  5.7MB
- MD5
  
  6990f5076eb51ee135492ba5ba619b72
- SHA1
  
  a8d4941d4ece23faafa231e53d2a1f34a6dc0302
- SHA256
  
  6733f1b7daf40076ffe88dc8a88e23181d1ba449d6e5bb36a5325b4353849460
- SHA512
  
  d1d3ab75a7be7e56116a0ff5d9b98f51ec3fc3ac1056f5ae6c526ef742bd5a209c587389a7ab857b882d656c7e812d684baf3b126b99161b0b8593f5f764c747
- SSDEEP
  
  98304:basYNDl+jj8ttP3WjOc630ASp/YMZP0Aqs:wZl+jItR3Wj60rqA
Score

3^/10

discovery
behavioral1
- Target
  
  SQLi_Dumper/ControlsGui.dll
- Size
  
  125KB
- MD5
  
  daab531d4c889ed79ddbd336d372eb40
- SHA1
  
  15abe481b84e247e7afa730b8c2cbc3ad48d4f94
- SHA256
  
  69310937c7635b9ffc67d65e33e56ee3ab54074327c7dbf971ab1b25810c45d6
- SHA512
  
  15a86684fa5f8fe284e3174ab28531f09951319ba1a4f2705889dc0af1c29ed535eaa9b2001b0407a499d0a61247e86e5b46e65ce47a404e2750d1811d3de607
- SSDEEP
  
  1536:+s4Ig5C9h+1+L/fs2Wg0Z6ZDWgN3IBnLr1SAuEcwlqmOhOMggV1:+XI7+8fs2Wz6Zq99usqmAxggV1
Score

3^/10

discovery
behavioral2
- Target
  
  SQLi_Dumper/SQli-Dumper-cleaned.exe
- Size
  
  341KB
- MD5
  
  ba5fa5be294d475319b72616acafc513
- SHA1
  
  dc8fb79c942f1e29e2df56cdb99badd762cfaf21
- SHA256
  
  45a212891e051eeec09b7c6b93294f4d62f748f39eb74afed6f371a5736b01a4
- SHA512
  
  b430b20df6c953dd2263f91cecb8493badb632d8d19b4d360ef982e5cf61769a96ca03227ae96c7f796adfd6cfc67579a53aac21807fa69a9abe2d75968f7994
- SSDEEP
  
  3072:sr85CY+mAYkygYdQ0ghnB1fA0PuTVAtkxzN3R4eqiOL2bBOAdcZqf7D34Tp/a:k9zGapB1fA0GTV8kLYLacZqf7DItS
Score

10^/10

neshta redline 9-23h credential_access discovery infostealer persistence spyware stealer
- Detect Neshta payload
- Neshta
  Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
  persistence spyware neshta
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Executes dropped EXE
- Modifies system executable filetype association
  persistence
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral3
- Target
  
  SQLi_Dumper/TXT/SQLi Dumper-cleaned.exe
- Size
  
  2.1MB
- MD5
  
  74ad4b5aba46c5ca6614301b05227782
- SHA1
  
  6a1e568a45e1d559b3faddc378670d64413c1709
- SHA256
  
  77e56048d139c92aba0dbeeafc2af6568cd47340f0c4f255322167feb1766d42
- SHA512
  
  b810a9f1db417c51faf0556392933816e4947603260aa89ebbf67fbee37b677cf1973e53813b9f75abc13e47aaa629e65cc2142d28f09b131b1fb481185efa7b
- SSDEEP
  
  49152:b0rUA1jIIb6fMID2u41715Kqao5ZPRdtWOXbt4k4uJnmHrk4uJnm:b0rs+6fMIiL1J5KCjPRdtRXbtz4uJnm9
Score

3^/10

discovery
behavioral4