General

  • Target

    massexe.rar

  • Size

    1.2MB

  • Sample

    241206-yft4mstndt

  • MD5

    6a49c9dacdc038969eb4be05fda5cec1

  • SHA1

    86ec1d0aff1082392731091209bad28efb0af06b

  • SHA256

    0978712dbec1d91834dea2ca5f5e2115f32ab576ac57d40ff0a1ea337fecdae9

  • SHA512

    f1e0b5068bd2e3f4c283f5300dffb3e67a26f4529d84e9e3c2c78948356234450846541c7b7004e4ce4fc251ddf67d7a41746e4c5f7390adf4af32a75a7af80d

  • SSDEEP

    24576:FobC50XWdALUQ+H17ld8xUfhxfioB3vzJcVXuVAGkOBmu/gPV:J0XGAX+H1ZdY2LiO3dc0VAGfX/qV

Targets

    • Target

      massexe.rar

    • Size

      1.2MB

    • Detect Neshta payload

    • Neshta

      Malware from the Neshta family is designed to inject itself into other files in order to spread and cause damage.

    • Neshta family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies system executable filetype association

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials.

    • Target

      massexe/Input.txt

    • Size

      852KB

    • MD5

      66859c6a8d52d61400e5f1c7ebe785de

    • SHA1

      9f3557a25545ead035d5083293524028869bdf4f

    • SHA256

      9d41547923d778e3d1fa8320d94f910c2df90ab5d95dd76a2e40314769c86a41

    • SHA512

      824f1d1cc711660aaf2333ecb53c7135b522dd8a30fdab65025e784882ec810ba400802af3ae44761d352555d5996e0ce7e64fcb88443be27092989208579a8e

    • SSDEEP

      1536:EmZEDPA73OhGrAqIcczFmv425fadBN4dXlh7jCv0dxMUsmegXsz5Rv70Dv3l9KrB:JATl

    • Score

      1/10

    • Target

      massexe/Massscan_GUI.exe

    • Size

      374KB

    • MD5

      2b32e197224207df4d688f00f79b2c51

    • SHA1

      02c04f489f8566bcf661d159a36b3eb34934af5e

    • SHA256

      1d7b3e6f89d5e2d1b6e25d3e2542fe5d9caba93646275f5c62e93dc42e48e805

    • SHA512

      fdc38ea555a51e2008dbee0f8f85d01a20235dbf7fa615bd79f1711afe12d758b206356849b7784f600e5a95f782b472c6e1388efcf4a254ce646deb8ab6b08f

    • SSDEEP

      3072:sr85C+56z456zB56zuIXk89V756zMVaxe0aX5Cw9j:k91j8Xcanj

    • Detect Neshta payload

    • Neshta

      Malware from the Neshta family is designed to inject itself into other files in order to spread and cause damage.

    • Neshta family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Modifies system executable filetype association

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials.

    • Target

      massexe/Packet.dll

    • Size

      94KB

    • MD5

      1250bef11bfa086f772cd2a273bc036e

    • SHA1

      bfb60b4072f4533d8497f3d90631f818e345bcc6

    • SHA256

      6b19cffaa2bf4359be1a0130a1fb47ab45e8c3be5d0cb7986579c5e04e1d77a5

    • SHA512

      76cbc346468d400c4e6a95b3c91abfec0a63a375aade6f47c70a3b3db76c513bcfd91ed2994059a6c8bdd6b266f9b17ecf11f9941481c7a2692925d2457f5bba

    • SSDEEP

      1536:6wG9plhvRIRVC2wJAyPFCnPKc0z70yIKtIn8zVpWj:E9rjh5t9cZyIKtInb

    • Score

      3/10

    • Target

      massexe/_config.ini

    • Size

      36B

    • MD5

      f2f6b3a06183ba78036b01892fdbf89b

    • SHA1

      159273566da38c3d9f004b3935ff03771a496b41

    • SHA256

      fea68e0356634d39eb0f5a159533bbc58cd1e6caf2d6e416d9721b6f02d56882

    • SHA512

      19438c84a83dabef57b3177756fd91fe46d69731fc3ef57025c132c5ba8cc16e0dc83ac9d999635e1044c802c8a599bae21f8bfd30bf08bcd4ea398cc04e4639

    • Score

      1/10

    • Target

      massexe/masscan.exe

    • Size

      273KB

    • MD5

      bcaa226fd557ba6ca18628e1ae3c6053

    • SHA1

      2cb78f3f36b27bc692c4856bd6cb20e2cebdb344

    • SHA256

      f7f2af6f4dd9d0af03e6af3aba685969ec9ed22295055882e571bef3e96bbc4e

    • SHA512

      de0bac7d4cf9d2a00bb880e04d788d3bb21a243864b1df089547c2f4b20e7e18e8b3ce2f784b44c61561e4dccf350ea01e65dd9f943e98f833879fcb1db4a65a

    • SSDEEP

      6144:k9wmz/EkPt1xeHP9mCeswbjnK6swOp9cLKQaNTiL:Iz/Ek1eHP9KPf698hMTY

    • Detect Neshta payload

    • Neshta

      Malware from the Neshta family is designed to inject itself into other files in order to spread and cause damage.

    • Neshta family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Modifies system executable filetype association

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials.

    • Target

      massexe/msvcr100.dll

    • Size

      755KB

    • MD5

      0e37fbfa79d349d672456923ec5fbbe3

    • SHA1

      4e880fc7625ccf8d9ca799d5b94ce2b1e7597335

    • SHA256

      8793353461826fbd48f25ea8b835be204b758ce7510db2af631b28850355bd18

    • SHA512

      2bea9bd528513a3c6a54beac25096ee200a4e6ccfc2a308ae9cfd1ad8738e2e2defd477d59db527a048e5e9a4fe1fc1d771701de14ef82b4dbcdc90df0387630

    • SSDEEP

      12288:nMmCy3nAgPAxN9ueqix/HEmxsvGrif8ZSy+rdQw2QRAtd74/vmYK6H3BVoe3z:MmCy3KxW3ixPEmxsvGrm8Z6r+JQPzV7z

    • Score

      3/10

    • Target

      massexe/winpcap-4.13.exe

    • Size

      464KB

    • MD5

      ce5cf0bb6b5d6da269289007b17652e3

    • SHA1

      9d81fd8d4b20dc7d68e6783ff872ff577dbebd2c

    • SHA256

      4ac6a84eda7b4b474f00118733da6e7f33c35f009a554a6f78d4464cb7101192

    • SHA512

      c503821a71ef2e4861d6009fa48a1b69ff88e8bfc6ff2244f652e2dca60004c80e4cc6b1cb22f67ccd43a26dc037d1c7fcce1ff031ecc16820dbc96675857d77

    • SSDEEP

      6144:k9X3dmkMIdQQkpxYLcP+k471Xr4bjMxiW+D/xqfF3o2KCzDunki8m/VlidXTj2EF:W34kDdc8L4bQA5qt3CxnkLwlQFPcOLsk

    • Detect Neshta payload

    • Neshta

      Malware from the Neshta family is designed to inject itself into other files in order to spread and cause damage.

    • Neshta family

    • Drops file in Drivers directory

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies system executable filetype association

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops file in System32 directory

    • Target

      massexe/wpcap.dll

    • Size

      220KB

    • MD5

      5c5561185a8751711156934585f002e8

    • SHA1

      4bc6097e41191903fcec60b5b6363c857e2d25af

    • SHA256

      4c2b690d8d9afaefc531d1fedcf2d067ffca8b7e2f99072014b6a6d8edfdc49c

    • SHA512

      6cb133fb2b8adbf5a939dadb9ea62f9400999eecbb0fd7af07cb6350cb02f2bb9133db61140776ad79addd8574a6ab4d78236ac816e4bbe2f95cf3a77823b2fc

    • SSDEEP

      3072:mHrZxq7dQ2qjbGO4eQ9KuuwN3Ch0kIrNsZ3Gva5aOlqPozwH:mHHqHb5eQEaN3O0kgyZ3j51

    • Score

      3/10
