Overview

overview

3

Static

static

1

GANG-Nuker.zip

windows10-1703-x64

1

GANG-Nuker/GANG.py

windows10-1703-x64

3

GANG-Nuker/README.md

windows10-1703-x64

3

GANG-Nuker...nt.txt

windows10-1703-x64

1

GANG-Nuker...ll.bat

windows10-1703-x64

1

GANG-Nuker...ts.txt

windows10-1703-x64

1

GANG-Nuker...NG.png

windows10-1703-x64

3

GANG-Nuker...ker.py

windows10-1703-x64

3

GANG-Nuker...gin.py

windows10-1703-x64

3

GANG-Nuker...ter.py

windows10-1703-x64

3

GANG-Nuker...ber.py

windows10-1703-x64

3

GANG-Nuker...kup.py

windows10-1703-x64

3

GANG-Nuker...nfo.py

windows10-1703-x64

3

GANG-Nuker...ore.py

windows10-1703-x64

3

GANG-Nuker...mon.py

windows10-1703-x64

3

GANG-Nuker...rys.py

windows10-1703-x64

3

GANG-Nuker...ate.py

windows10-1703-x64

3

Resubmissions

19/05/2023, 02:55

230519-deyefseg24 3

19/05/2023, 02:52

230519-dc76waef99 1

Analysis

  • max time kernel
    56s
  • max time network
    63s
  • platform
    windows10-1703_x64
  • resource
    win10-20230220-en
  • resource tags

    arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
  • submitted
    19/05/2023, 02:55

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    GANG-Nuker/utilities/Plugins/QR_Grabber.py

  • Size

    7KB

  • MD5

    3589b36e551a493f2bd107a8cd1494c9

  • SHA1

    28a3d512940ece46b41195e26952d1dc39173ca2

  • SHA256

    986c7f4a068d7886c848a7d5de38d29ff7cff6845d070cfd280c3f847f916f69

  • SHA512

    6460bd34eb138d0af6780a677efde21ca73faa0632f22786e705a5bbd91d02cb4b3f799d18f256cda433df2d7bbbf6b345eb2003656b5d53ba840401f086ecd5

  • SSDEEP

    192:lFtb3r8h+pVWtg7UzyiDdMz82i/hx3uiLK:l9VCoUz119/hxu

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\GANG-Nuker\utilities\Plugins\QR_Grabber.py
    1⤵
    • Modifies registry class
    PID:1620
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:2580

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads