General

  • Target

    NovaSetup.exe

  • Size

    4.1MB

  • Sample

    230331-dn8lsahg6v

  • MD5

    9f5019341609a7b2bc1356a509520688

  • SHA1

    aa7d86fb786baff5055c7581eb07a457fcf162b4

  • SHA256

    0d33ab8f48e7046db2ef831c6297949734bb6dd8acd2e7d84afacfe2404454d1

  • SHA512

    ff9e2d29758ae1305cf7b344c0a1094402738ed933ffc61440f45831a529ee25cbf18f13ca7e0648d16b5c6c4af4e89b95536a4c9c3332a5399876b582618b97

  • SSDEEP

    98304:Tip6o9raOWcD9XdMPABIw/t6KHDiAwzUshkqXf0FZp:TcAOWs9XNBZ16M2HUykSI

Targets

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.
