bef074036da6d2b09aeed1e29f7f965af9153783f1e6822dc7a455b0bd1796b0 | Triage

Submit
Reports

Overview

overview

Static

static

bef074036d...b0.exe

windows7-x64

bef074036d...b0.exe

windows10-2004-x64

Sharing

General

Target

bef074036da6d2b09aeed1e29f7f965af9153783f1e6822dc7a455b0bd1796b0
Size

69KB
Sample

220724-1sx26saafk
MD5

9f02f3b2bc5e861b62afbc2aacb82fc4
SHA1

9e583659be30b87d30d53c6d1c52f8edee881a80
SHA256

bef074036da6d2b09aeed1e29f7f965af9153783f1e6822dc7a455b0bd1796b0
SHA512

90da0e11617c1e9fe928c9df5b802376f9d235345e88d43f1c6210a6b44a73c2f787c91dcf51e7e3eb754fec9225cc0b99e949c6415a101af4ce3fd0d60bdf02

Score

10^/10

evasion suricata

Static task

static1

Behavioral task

behavioral1

Sample

bef074036da6d2b09aeed1e29f7f965af9153783f1e6822dc7a455b0bd1796b0.exe

Resource

win7-20220718-en

evasion suricata

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

bef074036da6d2b09aeed1e29f7f965af9153783f1e6822dc7a455b0bd1796b0.exe

Resource

win10v2004-20220721-en

evasion suricata

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  bef074036da6d2b09aeed1e29f7f965af9153783f1e6822dc7a455b0bd1796b0
- Size
  
  69KB
- MD5
  
  9f02f3b2bc5e861b62afbc2aacb82fc4
- SHA1
  
  9e583659be30b87d30d53c6d1c52f8edee881a80
- SHA256
  
  bef074036da6d2b09aeed1e29f7f965af9153783f1e6822dc7a455b0bd1796b0
- SHA512
  
  90da0e11617c1e9fe928c9df5b802376f9d235345e88d43f1c6210a6b44a73c2f787c91dcf51e7e3eb754fec9225cc0b99e949c6415a101af4ce3fd0d60bdf02
Score

10^/10

evasion suricata
- suricata: ET MALWARE [PTsecurity] Botnet Nitol.B Checkin
  suricata: ET MALWARE [PTsecurity] Botnet Nitol.B Checkin
  suricata
- Executes dropped EXE
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionsuricata

behavioral2

evasionsuricata

© 2018-2024

Terms | Privacy