General
  Target: valo.7z
  Size: 4.6MB
  Sample: 250210-tbbdhsxket
  MD5: 318ab2045734f37a897211141e0d6366
  SHA1: 5a22c155d558b4757270499ab683994416994fa8
  SHA256: 6b9db92b56ba90f8ae4a00e0980a384eb3cbe5acf88405f0cb5758ddb2fc60e3
  SHA512: 82a4a6a20bf95b37253506cd9be384030690b44b549f443e612f84144c74f5bee83032e58f32eaa5726e8275c1203a7c55873f57b624e3f0247c96e7868a55f9
  SSDEEP: 98304:U0uggDYIXwGP8IEI5tQHxwWLkE+GZx2FjE+HdZ7:UgShP8I5teHr+GZx2JV7
Behavioral tasks (all run on resource win10ltsc2021-20250207-en)
  behavioral1: valo/128034b59b7011ed13035550b6a88562.pdb
  behavioral2: valo/LUA.exe
  behavioral3: valo/LUA.pdb
  behavioral4: valo/Mapper.exe
  behavioral5: valo/Oykyo.sys
Malware Config
  (none extracted)

Targets

Target: valo/128034b59b7011ed13035550b6a88562.pdb
  Size: 8.2MB
  MD5: 22653fed545e1d9f0f1038e41d718b9a
  SHA1: d1da5a5feca2d7ca1e2dcac1516291112f3bef9a
  SHA256: e07ee884f0c208d681a00333709f8afc5d4358804535fb7aed68b9531af1e053
  SHA512: 03d689bf49b53c4c2021234c42204eab86a70f16d4763a2dfb20a38d1ca5846ae4d3bc5a8230b7a90698f53209542073b83923fd37a156192d43da11834772eb
  SSDEEP: 49152:cQB03oRPpuYW8CzZxdaiRee7HWHkGbdZEpof6/y/TkytabZ7q7:dB03oBpuzOPVlI5g
  Score: 8/10
  Signatures:
    Downloads MZ/PE file

Target: valo/LUA.exe
  Size: 2.7MB
  MD5: 0f611ea0e274baff8f59d4cc9a26d30c
  SHA1: 7df4e6e1ccea151bdfcfd89a071a6138d2b5663e
  SHA256: 3698e65466f471c8af44bc142858ae76ef699cf75120094b441ba99d1d19910c
  SHA512: e0083eb5f060c33302eef88ba55c46f77a76d5785a8bb58e85f0fc20051a60abe0adf9d13d99d6d96f0f00c24e0222a3d1c7616fe5c0eea9f6b3f9ae594d5eb7
  SSDEEP: 24576:k00Ol9ch7zMxyltGbhikjjZKarnevk9CNFVdeNFGk078+wnuGKFgbT9LLnyyT85P:lPlC7zMkAfnwPvUCH2J0Qnyi8R
  Score: 10/10
  Signatures:
    Detect Neshta payload
    Neshta family: Neshta is a file-infecting virus; it inserts its own code into other executable files to spread and cause damage.
    Downloads MZ/PE file
    Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
    Executes dropped EXE
    Modifies system executable filetype association

Target: valo/LUA.pdb
  Size: 6.9MB
  MD5: b8f12dbfcae082126347376a7541a4ea
  SHA1: e5562e67a479790b33331cb9624d6ba36ea5f286
  SHA256: 32e156e99c508807c6d7e133f9557d5d1afbccf476f6521f096b437c094ff1e1
  SHA512: 63c1f729bc408d4192a19ba8c0f66f3ee730ea5e6e631d9698cc23690e8363b3c6183368619cc0ea6010f469008a83c1d4d5f8a360018c18ab094aae962e87a7
  SSDEEP: 98304:RAwfqlseIm6P3/hDeHtnMH0p0B6oraKbK0regBOF5lI0:bHrdregp
  Score: 3/10
  Signatures:
    (none listed)

Target: valo/Mapper.exe
  Size: 155KB
  MD5: 40fc771615fcae778f2e2568fd56f00d
  SHA1: f3d630a8b5de51a65345662d85c7b77e133c1229
  SHA256: 0ed170c8e9fa8a324c0274d9697f0deae1d8959fa96ddac3ba6f4b761dcd1d7b
  SHA512: 9ef7df19d893366ecea05abafac96ea629054836467bf380d66a266ba35d58e20193bdcf0a1cfe69f7e6e3325a7a719472f40095e0289746a92075bd79ebf7e7
  SSDEEP: 3072:sr85C+WUtsrVYY9jXTD+mJEqQyvETBCcSesQHsi4ulpGDk+j:k9dOspYYFD+1yM9n1tHsSlpGDPj
  Score: 10/10
  Signatures:
    Detect Neshta payload
    Neshta family: Neshta is a file-infecting virus; it inserts its own code into other executable files to spread and cause damage.
    Downloads MZ/PE file
    Sets service image path in registry
    Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
    Executes dropped EXE
    Modifies system executable filetype association

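The two registry signatures on this target, "Modifies system executable filetype association" and "Sets service image path in registry", are the ones worth checking on any host that has run the sample. The script below is an added example, not code from the report or its sandbox: it parses a Windows registry export (.reg) and flags a non-stock `exefile\shell\open\command` default value plus any service `ImagePath` that loads from outside System32. The .reg text is constructed for illustration; the `svchost.com` command is the Neshta hijack pattern assumed here, and the `Oykyo` service key and the Desktop path are assumptions, not values the report shows.

```python
"""Flag a hijacked .exe file association and out-of-place service images in a
.reg export. Added example, not part of the sandbox report; SAMPLE_REG is
constructed and the svchost.com / Oykyo / Desktop details are assumptions."""
import re

# Default value of exefile\shell\open\command on a clean Windows install.
CLEAN_EXEFILE_COMMAND = '"%1" %*'

# Service images are expected under System32 (normally System32\drivers);
# anything else, e.g. a \??\ device path into a user profile, is worth a look.
TRUSTED_IMAGE_DIR = re.compile(r"(^|\\)system32\\")

# Constructed export. .reg escapes backslash and quote with a backslash, writes
# the default value as "@", and continues long hex values with a trailing "\".
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
@="C:\\Windows\\svchost.com \"%1\" %*"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Oykyo]
"Type"=dword:00000001
"Start"=dword:00000003
"ImagePath"="\\??\\C:\\Users\\user\\Desktop\\valo\\Oykyo.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Beep]
"ImagePath"=hex(2):53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,72,00,\
  69,00,76,00,65,00,72,00,73,00,5c,00,62,00,65,00,65,00,70,00,2e,00,73,00,79,00,73,00,\
  00,00
'''

_VALUE_LINE = re.compile(r'^(@|"((?:[^"\\]|\\.)*)")=(.*)$')


def unescape(s: str) -> str:
    """Undo .reg escaping: a backslash before any character yields that character."""
    return re.sub(r"\\(.)", r"\1", s)


def _logical_lines(text: str):
    """Yield .reg lines with continuation lines (trailing backslash) joined."""
    buf = ""
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith("\\") and not line.startswith("["):
            buf += line[:-1]
            continue
        yield buf + line
        buf = ""


def parse_reg(text: str) -> dict:
    """Parse a .reg export into {key path: {value name: value}}. Decodes REG_SZ,
    dword and hex(2) (REG_EXPAND_SZ, the usual type of ImagePath); other hex
    types are kept as raw text."""
    keys, current = {}, None
    for line in _logical_lines(text):
        if not line or line.startswith(";") or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys[current] = {}
            continue
        m = _VALUE_LINE.match(line)
        if current is None or not m:
            continue
        name = "@" if m.group(1) == "@" else unescape(m.group(2))
        data = m.group(3)
        if len(data) >= 2 and data[0] == '"' and data[-1] == '"':
            value = unescape(data[1:-1])
        elif data.startswith("dword:"):
            value = int(data[len("dword:"):], 16)
        elif data.startswith("hex(2):"):
            raw = bytes(int(b, 16) for b in data[len("hex(2):"):].split(",") if b)
            value = raw.decode("utf-16-le").rstrip("\x00")
        else:
            value = data
        keys[current][name] = value
    return keys


def find_exefile_hijack(keys: dict) -> list:
    """(key path, command) for every exefile open command that is not the stock
    '"%1" %*': a file infector that owns this value runs on every .exe launch."""
    return [
        (path, values.get("@", ""))
        for path, values in keys.items()
        if path.lower().endswith("\\exefile\\shell\\open\\command")
        and str(values.get("@", "")).strip() != CLEAN_EXEFILE_COMMAND
    ]


def find_untrusted_service_images(keys: dict) -> list:
    """(service name, ImagePath) for services whose image is outside System32."""
    findings = []
    for path, values in keys.items():
        if "\\currentcontrolset\\services\\" not in path.lower() or "ImagePath" not in values:
            continue
        image = str(values["ImagePath"])
        if not TRUSTED_IMAGE_DIR.search(image.lower()):
            findings.append((path.rsplit("\\", 1)[-1], image))
    return findings


if __name__ == "__main__":
    parsed = parse_reg(SAMPLE_REG)
    for key, cmd in find_exefile_hijack(parsed):
        print(f"hijacked exefile association: {key} -> {cmd}")
    for svc, image in find_untrusted_service_images(parsed):
        print(f"service {svc} loads its image from outside System32: {image}")
```

Feed it a real export taken with `reg export HKLM\SOFTWARE\Classes\exefile` and `reg export HKLM\SYSTEM\CurrentControlSet\Services`. The location check is a triage heuristic only: a driver dropped into System32\drivers passes it, so the authoritative control remains driver signature enforcement and a review of which services were created in the sample's time window.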
Target: valo/Oykyo.sys
  Size: 1.0MB
  MD5: 4a745b0f9e69846f2f849612cdf637bd
  SHA1: b41ad6f60e14ac292b6f055e894a4ecc21c1567b
  SHA256: 025a0e877c796a2f315710e5200ff11a04fd23a268d2109f252e845a9cc7c8a3
  SHA512: f9fe3b88e483850cd5fd4e061ec49ad5743adc16f37b7c4d91eddf179a9587002cf0810bcc67aa20eda419756e02add1ec6ba9a387d611ca107c49853488c56c
  SSDEEP: 24576:8XgItDb1NTSceM0pTHrD9sdOBA1sITLzp3Jl8FYt3VIc6mEOrs5lNye:Ugq1NTxoPCdIA1sITLl3oKJ6mEO2lV
  Score: 8/10
  Signatures:
    Downloads MZ/PE file

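Before applying this report's verdicts to a local copy of the archive, confirm the bytes are the same ones the sandbox ran. The script below is an added example, not part of the report: it recomputes the four digest types the report lists for every file under a directory and compares them against the SHA-256 values copied from the target entries above. The layout it assumes (valo.7z beside an extracted valo/ directory) is an assumption; MD5 and SHA-1 are computed for cross-referencing other feeds but deliberately not used for the match decision, since neither is collision resistant.

```python
"""Check local files against the SHA-256 digests listed in the report.
Added example, not part of the report; the directory layout is assumed."""
import hashlib
from pathlib import Path

# Copied from the report's General and Target entries.
REPORTED_SHA256 = {
    "valo.7z": "6b9db92b56ba90f8ae4a00e0980a384eb3cbe5acf88405f0cb5758ddb2fc60e3",
    "valo/128034b59b7011ed13035550b6a88562.pdb": "e07ee884f0c208d681a00333709f8afc5d4358804535fb7aed68b9531af1e053",
    "valo/LUA.exe": "3698e65466f471c8af44bc142858ae76ef699cf75120094b441ba99d1d19910c",
    "valo/LUA.pdb": "32e156e99c508807c6d7e133f9557d5d1afbccf476f6521f096b437c094ff1e1",
    "valo/Mapper.exe": "0ed170c8e9fa8a324c0274d9697f0deae1d8959fa96ddac3ba6f4b761dcd1d7b",
    "valo/Oykyo.sys": "025a0e877c796a2f315710e5200ff11a04fd23a268d2109f252e845a9cc7c8a3",
}

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def digests(data: bytes) -> dict:
    """Return the four hex digests the report lists for a blob of bytes."""
    return {name: hashlib.new(name, data).hexdigest() for name in ALGORITHMS}


def check(files: dict, reported: dict) -> dict:
    """Compare file contents against reported digests.

    files:    relative path -> bytes
    reported: relative path -> {algorithm: hex digest}
    Each reported path gets "match", "mismatch" or "missing"; local files the
    report does not cover are marked "unlisted" so they are not silently trusted."""
    result = {}
    for path, expected in reported.items():
        if path not in files:
            result[path] = "missing"
            continue
        actual = digests(files[path])
        ok = all(actual[alg] == hexdigest.lower() for alg, hexdigest in expected.items())
        result[path] = "match" if ok else "mismatch"
    for path in files:
        if path not in reported:
            result[path] = "unlisted"
    return result


def verify_tree(root: str) -> dict:
    """Read every file under root (paths relative to root, '/' separators) and
    check it against REPORTED_SHA256."""
    base = Path(root)
    files = {p.relative_to(base).as_posix(): p.read_bytes()
             for p in base.rglob("*") if p.is_file()}
    reported = {path: {"sha256": h} for path, h in REPORTED_SHA256.items()}
    return check(files, reported)


if __name__ == "__main__":
    import sys
    for path, status in sorted(verify_tree(sys.argv[1] if len(sys.argv) > 1 else ".").items()):
        print(f"{status:9} {path}")
```

Run it from the directory that holds valo.7z and the extracted valo/ folder. A "mismatch" on any member means the behavioral results above were produced from different bytes and must not be carried over; an "unlisted" file is one the report never analysed.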
MITRE ATT&CK Enterprise v15 (count of matching signatures in parentheses)
  Persistence
    Boot or Logon Autostart Execution, T1547 (1)
      Registry Run Keys / Startup Folder, T1547.001 (1)
    Event Triggered Execution, T1546 (1)
      Change Default File Association, T1546.001 (1)
  Privilege Escalation
    Boot or Logon Autostart Execution, T1547 (1)
      Registry Run Keys / Startup Folder, T1547.001 (1)
    Event Triggered Execution, T1546 (1)
      Change Default File Association, T1546.001 (1)
  Credential Access
    Credentials from Password Stores, T1555 (1)
      Credentials from Web Browsers, T1555.003 (1)
    Unsecured Credentials, T1552 (1)
      Credentials In Files, T1552.001 (1)