General

  • Target

    b0886ed8ed64e18df4c04b7858f57fd6000d156202f66d6f92212008c9cbf301

  • Size

    531KB

  • Sample

    241004-nay6as1arj

  • MD5

    b2c5fbd11e13c2725b85a43de7fa4d02

  • SHA1

    e576e5d0cc349641d5fd151108f71f67e736d84b

  • SHA256

    b0886ed8ed64e18df4c04b7858f57fd6000d156202f66d6f92212008c9cbf301

  • SHA512

    e7e87b7261b605b8430cada12b78dd43b3a6fd4e1e2524bdaaf2515dea14d80e9c114a302bc242a91154eb985c60da9e281f868806c368e8d75214474be37698

  • SSDEEP

    12288:/WwchTq0vxPQqeaMDoegIG6hkNwUJKXeLaygfVlF4h:/WwchTq0vxPJMDoegIGokWUJmeLObCh

Targets

    • Parasite, Nexus

      Parasite (or Nexus) is an infostealer written in C++.

    • Reads WinSCP keys stored on the system

      Tries to access WinSCP stored sessions.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
