General
-
Target
2024-12-23_b3ba7afb650fbc73d5d7ba46d5e9f091_darkgate_neshta_ramnit_ransomlock
-
Size
4.5MB
-
Sample
241223-pmx97szlcj
-
MD5
b3ba7afb650fbc73d5d7ba46d5e9f091
-
SHA1
4f8f13afcd80d83cbe952774fee437ce32e87730
-
SHA256
f6f84b418926af4185426db6f6ad92aff970457e1ea707413fd95137a32a908d
-
SHA512
f86ec814fa90698baebba871a48fbbdb10b543c6cb839eba4288c2aa4865db357f371bd5dfaa95423a4f5e8c04c3a6809ad13579d88fecf69e672515d7db41ba
-
SSDEEP
49152:8AR/SCICrtvMLtAvVfJVgbhWss4lTDRLOyR0MKGKPhGi:NdAc6yVfJVg0ss4lZiGti
Malware Config
Targets
-
-
Target
2024-12-23_b3ba7afb650fbc73d5d7ba46d5e9f091_darkgate_neshta_ramnit_ransomlock
-
Size
4.5MB
-
MD5
b3ba7afb650fbc73d5d7ba46d5e9f091
-
SHA1
4f8f13afcd80d83cbe952774fee437ce32e87730
-
SHA256
f6f84b418926af4185426db6f6ad92aff970457e1ea707413fd95137a32a908d
-
SHA512
f86ec814fa90698baebba871a48fbbdb10b543c6cb839eba4288c2aa4865db357f371bd5dfaa95423a4f5e8c04c3a6809ad13579d88fecf69e672515d7db41ba
-
SSDEEP
49152:8AR/SCICrtvMLtAvVfJVgbhWss4lTDRLOyR0MKGKPhGi:NdAc6yVfJVg0ss4lZiGti
Score10/10-
Detect Neshta payload
-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
Modiloader family
-
Neshta
Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
-
Neshta family
-
Ramnit
Ramnit is a versatile family that holds viruses, worms, and Trojans.
-
Ramnit family
-
ModiLoader First Stage
-
ASPack v2.12-2.42
Detects executables packed with ASPack v2.12-2.42
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies system executable filetype association
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-