Overview

overview

9

Static

static

3

Nighty.exe

windows10-2004-x64

9

Sharing

Copy URL Twitter E-mail

General

  • Target

    Nighty.exe

  • Size

    94.0MB

  • Sample

    231006-wxzz4shb29

  • MD5

    eb7992808c1161feaa34c5c5909a15af

  • SHA1

    d8937e5c90366c8e1b69b22c8520c82d42e47319

  • SHA256

    3c83a8d74c587d4842434c87c584ae4d02933c48f68c5ceb8cb656792c93544a

  • SHA512

    a95c756c308e11fcd1ad0c68ea9b962eaa8918568b1c3f9edd9fd315233bc49f58b871dbc9c1093a6ce1a9aefa01bc062e4ee7deb071d668ff2170354454ab32

  • SSDEEP

    1572864:6W2hlBmc2H/1xRD400Tx+3oDlEzCq5Z4po+A5AOMPOXzEcoFEDvKRKOHzDCd5cQU:b2hyd4HTx+3MEwy+E9MPWzJVvK1nCdBU

Score
9/10
evasionpyinstallerthemidatrojan

Malware Config

Targets

    • Target

      Nighty.exe

    • Size

      94.0MB

    • MD5

      eb7992808c1161feaa34c5c5909a15af

    • SHA1

      d8937e5c90366c8e1b69b22c8520c82d42e47319

    • SHA256

      3c83a8d74c587d4842434c87c584ae4d02933c48f68c5ceb8cb656792c93544a

    • SHA512

      a95c756c308e11fcd1ad0c68ea9b962eaa8918568b1c3f9edd9fd315233bc49f58b871dbc9c1093a6ce1a9aefa01bc062e4ee7deb071d668ff2170354454ab32

    • SSDEEP

      1572864:6W2hlBmc2H/1xRD400Tx+3oDlEzCq5Z4po+A5AOMPOXzEcoFEDvKRKOHzDCd5cQU:b2hyd4HTx+3MEwy+E9MPWzJVvK1nCdBU

    Score
    9/10
    evasionthemidatrojan

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Loads dropped DLL

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

      themida

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks