nosu | 6a2c84aa44e56953f4e2af1e6eb79c80997695ad74db5b80a17e2134feff946a | Triage

Sharing

General

Target

6a2c84aa44e56953f4e2af1e6eb79c80997695ad74db5b80a17e2134feff946a
Size

734KB
Sample

230329-jvzkcaha5v
MD5

efd45307df4754e7facbb561fb091721
SHA1

3236e0c1329aa4cb4f1e76d8d4c418d632cadec5
SHA256

6a2c84aa44e56953f4e2af1e6eb79c80997695ad74db5b80a17e2134feff946a
SHA512

dcda4d9bebfe5d635821ce2875670a7161105e559f488011c7effc269d750fa7215c35d6c77fa1d78420310a6c2cefd6c534186b8850778754cfd6a4a7cd6743
SSDEEP

12288:zPDiJJG05qrVujzjkv45nG2JoGhkgGt4z9MqCb4jyKrxo6EbpYx0:rmb3GVsfkv4I2Wi0t4s4jPG6Eb

Score

10^/10

nosu collection spyware stealer

Malware Config

Targets

- Target
  
  6a2c84aa44e56953f4e2af1e6eb79c80997695ad74db5b80a17e2134feff946a
- Size
  
  734KB
- MD5
  
  efd45307df4754e7facbb561fb091721
- SHA1
  
  3236e0c1329aa4cb4f1e76d8d4c418d632cadec5
- SHA256
  
  6a2c84aa44e56953f4e2af1e6eb79c80997695ad74db5b80a17e2134feff946a
- SHA512
  
  dcda4d9bebfe5d635821ce2875670a7161105e559f488011c7effc269d750fa7215c35d6c77fa1d78420310a6c2cefd6c534186b8850778754cfd6a4a7cd6743
- SSDEEP
  
  12288:zPDiJJG05qrVujzjkv45nG2JoGhkgGt4z9MqCb4jyKrxo6EbpYx0:rmb3GVsfkv4I2Wi0t4s4jPG6Eb
Score

10^/10

nosu collection spyware stealer
- Nosu
  Nosu is an info stealer written in C++ first seen in late 2022.
  stealer nosu
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

nosucollectionspywarestealer