General

  • Target

    44c07ad4e0559d0f4c9884b8665243eef2772f2990328a82a2c40559ff88dea1

  • Size

    7.1MB

  • Sample

    241216-1j5qna1kgs

  • MD5

    774542c18369a36cbb4281782fded87f

  • SHA1

    45292130f77e484bbaab72792890d9f61419bf82

  • SHA256

    44c07ad4e0559d0f4c9884b8665243eef2772f2990328a82a2c40559ff88dea1

  • SHA512

    693701ecd1a90887ce6b90827dcffdabb93f1594622e65bfcb9c8cc3642ca27dd82a4e43d95ee7150076d0dcfcb727edfdda1b85cb078230e02f1b5f14e9cf78

  • SSDEEP

    98304:gGOSnfbzz2d463IROME9bCOspSizzAukSFdhkq/Bc7iJc8Id59OLtk+e:CSj3C4GIIdCOs2hSFdhJ/aemHdIk

Malware Config

Targets

    • Target

      44c07ad4e0559d0f4c9884b8665243eef2772f2990328a82a2c40559ff88dea1

    • Size

      7.1MB

    • MD5

      774542c18369a36cbb4281782fded87f

    • SHA1

      45292130f77e484bbaab72792890d9f61419bf82

    • SHA256

      44c07ad4e0559d0f4c9884b8665243eef2772f2990328a82a2c40559ff88dea1

    • SHA512

      693701ecd1a90887ce6b90827dcffdabb93f1594622e65bfcb9c8cc3642ca27dd82a4e43d95ee7150076d0dcfcb727edfdda1b85cb078230e02f1b5f14e9cf78

    • SSDEEP

      98304:gGOSnfbzz2d463IROME9bCOspSizzAukSFdhkq/Bc7iJc8Id59OLtk+e:CSj3C4GIIdCOs2hSFdhJ/aemHdIk

    • Detect Neshta payload

    • Neshta

      Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.

    • Neshta family

    • Xmrig family

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

    • XMRig Miner payload

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies system executable filetype association

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Legitimate hosting services abused for malware hosting/C2

    • Power Settings

      powercfg controls all configurable power system settings on a Windows system and can be abused to prevent an infected host from locking or shutting down.

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks