Analysis
- max time kernel: 144s
- max time network: 148s
- platform: windows10-1703_x64
- resource: win10-20230220-en
- resource tags: arch:x64, arch:x86, image:win10-20230220-en, locale:en-us, os:windows10-1703-x64, system
- submitted: 19/05/2023, 02:55
Static task
- static1

Behavioral tasks (every task ran on resource win10-20230220-en)
Task            Sample
behavioral1     GANG-Nuker.zip
behavioral2     GANG-Nuker/GANG.py
behavioral3     GANG-Nuker/README.md
behavioral4     GANG-Nuker/data/useragent.txt
behavioral5     GANG-Nuker/install.bat
behavioral6     GANG-Nuker/requirements.txt
behavioral7     GANG-Nuker/utilities/Avatars/GANG.png
behavioral8     GANG-Nuker/utilities/Plugins/Account_Nuker.py
behavioral9     GANG-Nuker/utilities/Plugins/Auto_Login.py
behavioral10    GANG-Nuker/utilities/Plugins/DM_Deleter.py
behavioral11    GANG-Nuker/utilities/Plugins/QR_Grabber.py
behavioral12    GANG-Nuker/utilities/Plugins/Server_Lookup.py
behavioral13    GANG-Nuker/utilities/Plugins/Token_Info.py
behavioral14    GANG-Nuker/utilities/Plugins/ignore/ignore.py
behavioral15    GANG-Nuker/utilities/Settings/common.py
behavioral16    GANG-Nuker/utilities/Settings/libarys.py
behavioral17    GANG-Nuker/utilities/Settings/update.py
General
- Target: GANG-Nuker/GANG.py
- Size: 56KB
- MD5: bc50e1d701acdde592290f9c1f9e7082
- SHA1: 9594a98b9067f6253f000256debcec54d4e00d79
- SHA256: 65b69cbef2cded04077d5dddd4f5adc53a754a13ca6bf4d6ed83e124b1a41434
- SHA512: d3a34c0813556495fa2168166d45d2daa9c43e253f25946ad8050ae3243a59fbdebdc704c20229613f55d238f0e4e655087d58564c6060a2a52671707fb247e7
- SSDEEP: 1536:cTxfDENXRV9L4gDSwFqWl6qykKn9IzJA1R255G+hbQj4A+Ud:yx7PgDSY/l6qykKn9IzJA1k55G+FQjNH
Malware Config
Signatures
- Enumerates physical storage devices (1 TTP)
  Attempts to interact with connected storage/optical drive(s).
- Modifies registry class (2 IoCs)
  Description    IoC                                                                                    Process
  Key created    \REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings    cmd.exe
  Key created    \REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings    OpenWith.exe
- Suspicious behavior: GetForegroundWindowSpam (1 IoC)
  PID 2420    OpenWith.exe
- Suspicious use of SetWindowsHookEx (63 IoCs)
  PID 2420    OpenWith.exe (the same process is listed for all 63 IoCs)
Processes
- C:\Windows\system32\cmd.exe (PID 1780)
  Command line: cmd /c C:\Users\Admin\AppData\Local\Temp\GANG-Nuker\GANG.py
  Signatures: Modifies registry class
- C:\Windows\system32\OpenWith.exe (PID 2420)
  Command line: C:\Windows\system32\OpenWith.exe -Embedding
  Signatures: Modifies registry class; Suspicious behavior: GetForegroundWindowSpam; Suspicious use of SetWindowsHookEx