30721718265f7daf74537fa568538d7401eb2d4d44956a762a5554aea9125520 | Triage

Submit
Reports

Overview

overview

8

Static

static

1

nagogy.bat

windows7-x64

1

nagogy.bat

windows10-2004-x64

8

Sharing

Copy URL Twitter E-mail

General

Target

nagogy.bat
Size

825KB
Sample

230605-ha76bafb62
MD5

3904e52b3c695fc9ed5597ad43ad7e1e
SHA1

8d7e466864bfa7537174dbe4f415c441568eb256
SHA256

30721718265f7daf74537fa568538d7401eb2d4d44956a762a5554aea9125520
SHA512

5e6d13a315256c5e14085c88b81f9a19c42387b324ce75cc6fa85fa5f62ae77eb5e0e2cc17dd341c2afada8880793674f5edb542033fb8757b35356ff4551aec
SSDEEP

384:Kkolp89CairObhgpwcSCDNKv6xtdBANdRxtjSQwlJeEuiHovbwwTMZ/t2nOlfUcS:hToh1X6klJ7uiHovbEsfKZTTz2Ff

Score

8^/10

pyinstaller spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

nagogy.bat

Resource

win7-20230220-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral2

Sample

nagogy.bat

Resource

win10v2004-20230220-en

pyinstaller spyware stealer

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  nagogy.bat
- Size
  
  825KB
- MD5
  
  3904e52b3c695fc9ed5597ad43ad7e1e
- SHA1
  
  8d7e466864bfa7537174dbe4f415c441568eb256
- SHA256
  
  30721718265f7daf74537fa568538d7401eb2d4d44956a762a5554aea9125520
- SHA512
  
  5e6d13a315256c5e14085c88b81f9a19c42387b324ce75cc6fa85fa5f62ae77eb5e0e2cc17dd341c2afada8880793674f5edb542033fb8757b35356ff4551aec
- SSDEEP
  
  384:Kkolp89CairObhgpwcSCDNKv6xtdBANdRxtjSQwlJeEuiHovbwwTMZ/t2nOlfUcS:hToh1X6klJ7uiHovbEsfKZTTz2Ff
Score

8^/10

pyinstaller spyware stealer
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Command-Line Interface

Persistence

Hidden Files and Directories

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Web Service

Credential Access

Credentials in Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

pyinstallerspywarestealer

© 2018-2025

Terms | Privacy