Resubmissions

19/05/2023, 02:55 UTC

230519-deyefseg24 3

19/05/2023, 02:52 UTC

230519-dc76waef99 1

Analysis

  • max time kernel
    56s
  • max time network
    63s
  • platform
    windows10-1703_x64
  • resource
    win10-20230220-en
  • resource tags

    arch:x64, arch:x86, image:win10-20230220-en, locale:en-us, os:windows10-1703-x64, system
  • submitted
    19/05/2023, 02:55 UTC

General

  • Target

    GANG-Nuker/utilities/Plugins/QR_Grabber.py

  • Size

    7KB

  • MD5

    3589b36e551a493f2bd107a8cd1494c9

  • SHA1

    28a3d512940ece46b41195e26952d1dc39173ca2

  • SHA256

    986c7f4a068d7886c848a7d5de38d29ff7cff6845d070cfd280c3f847f916f69

  • SHA512

    6460bd34eb138d0af6780a677efde21ca73faa0632f22786e705a5bbd91d02cb4b3f799d18f256cda433df2d7bbbf6b345eb2003656b5d53ba840401f086ecd5

  • SSDEEP

    192:lFtb3r8h+pVWtg7UzyiDdMz82i/hx3uiLK:l9VCoUz119/hxu

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\GANG-Nuker\utilities\Plugins\QR_Grabber.py
    PID:1620
    • Modifies registry class
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    PID:2580
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx

Network

  • flag-us DNS 62.13.109.52.in-addr.arpa
    Remote address: 8.8.8.8:53
    Request: 62.13.109.52.in-addr.arpa IN PTR
    Response:
  • 20.42.73.26:443: 322 B, 7
  • 8.238.21.254:80: 322 B, 7
  • 8.8.8.8:53 (dns): 62.13.109.52.in-addr.arpa; 71 B, 145 B; 1, 1

    DNS Request: 62.13.109.52.in-addr.arpa

MITRE ATT&CK Enterprise v6
