General

  • Target

    nezur.rar

  • Size

    7.3MB

  • Sample

    231101-rn1stsgc5x

  • MD5

    57f97951f8836eec896f2cff7f855880

  • SHA1

    bf8bbf89a27ab8c5eb5007788c50a6c4b26e7705

  • SHA256

    b6b28dba0dce19d3dc8fac2261298c22ec02cd89c38303aa49a56f191cba5350

  • SHA512

    02fcddf4c57c841c9f215dd3a3d86840dc5af39a430d46d2d4274d2fa1a2a8529d1c386f4ae926feca37cc845e7e696da0dd4345b6fc8a57447ab165954cd0bf

  • SSDEEP

    196608:X+ipT02aG19pfAdjbG72l1KoCJsuF3bR/Lpy3rzRW+A:X+qpfAdjS72TKoK3lzOhk

Targets

    • Target

      nezur.rar

    • Size

      7.3MB

    • MD5

      57f97951f8836eec896f2cff7f855880

    • SHA1

      bf8bbf89a27ab8c5eb5007788c50a6c4b26e7705

    • SHA256

      b6b28dba0dce19d3dc8fac2261298c22ec02cd89c38303aa49a56f191cba5350

    • SHA512

      02fcddf4c57c841c9f215dd3a3d86840dc5af39a430d46d2d4274d2fa1a2a8529d1c386f4ae926feca37cc845e7e696da0dd4345b6fc8a57447ab165954cd0bf

    • SSDEEP

      196608:X+ipT02aG19pfAdjbG72l1KoCJsuF3bR/Lpy3rzRW+A:X+qpfAdjS72TKoK3lzOhk

    Score: 3/10

    • Target

      nezur/nezurbit/Nezur.exe

    • Size

      6.9MB

    • MD5

      68fe24004e2ea1a4a8afa0f2eb336bfa

    • SHA1

      6ba87ed3f2a777188d68ecc744f76cb7ed2d338b

    • SHA256

      8e322b34d13757f09670a80c670e6ad24576f0db29ed9668a3b84cdebcafe829

    • SHA512

      305d8e122a912317898ba22ba642d19641f0e3fc1802da8d3f1bb00e3b080fd351cdec0f7bd155a9430ce726491b1d6a066f8bb3a4968a96357dc8cb1709aa82

    • SSDEEP

      98304:J7zHqdVfB2FS27wfQUyuT/9vUIdD9C+z3zO917vOTh+ezDNh79vmJ1nmOBN9n4mh:JXQsW3bT/9bvLz3S1bA3zsn97+0v

    Score: 7/10

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and session tokens.

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Target

      �,l]+i�.pyc

    • Size

      1KB

    • MD5

      56a3d4127969dae7fab19cfb2c6b4530

    • SHA1

      5a44c1c2f03a0b0160e11aea9ba3a1147aa6a2d6

    • SHA256

      e224721e5f302d0a15bbe1f0053de0d85ba49b9c8db4f4748dee839bf6573b82

    • SHA512

      16a3540f438cbdc311ee4d5d48d01794940dbe3f2f96a8cd32aae4e6892e3a2514c34ddc4f54f9f1a67b673e59aa8ec313b8f5d73de7aa211bca8b488c9c3fb1

    Score: 1/10

    • Target

      nezur/nezurbit/README.txt

    • Size

      277B

    • MD5

      999672e34df10954abb344f12b490d02

    • SHA1

      215923a3caff4b38b54e243e5d6a891ba23df017

    • SHA256

      1d769b1019a253d1a007fff71eb9efb0535ffeae4200524abced03b85f731128

    • SHA512

      d7a34fc56e26e7bd0c5fc280b90d66ed2292dd29d860b8025337eb763a5320984c2f5e3278206b3e35a3b95a42eda6105d9fe427411cf75d81157f78c6f1db02

    Score: 1/10

    • Target

      nezur/nezurbit/SoftWareChecker.dll

    • Size

      391KB

    • MD5

      0fb548e59e41d3cc86e1e03d5ec4fba9

    • SHA1

      0b9715d71ef16ca7ea9dda0bac6a3944cfa01955

    • SHA256

      dc080eb3d14da1e68f952df526f0f6cd3a865a0f558d6b04a29599503fbf50da

    • SHA512

      d77f318185e3fda3f7aa365bea4da6a6b903464d5cb5fcd6e3aed894ef5287e8a5108903eef4c194c747793828bc1f1dee2077fa5cbb462f7aec3be646cfa0a0

    • SSDEEP

      6144:QbfZaRA2CfvxiavOFYq4Pj0AjnW3UJC0NdcvcxWuYpHRPTDpAMydmyDX:QbfZaRhCs14PS370o5pH576

    Score: 1/10

    • Target

      nezur/nezurbit/byfron.dll

    • Size

      391KB

    • MD5

      0fb548e59e41d3cc86e1e03d5ec4fba9

    • SHA1

      0b9715d71ef16ca7ea9dda0bac6a3944cfa01955

    • SHA256

      dc080eb3d14da1e68f952df526f0f6cd3a865a0f558d6b04a29599503fbf50da

    • SHA512

      d77f318185e3fda3f7aa365bea4da6a6b903464d5cb5fcd6e3aed894ef5287e8a5108903eef4c194c747793828bc1f1dee2077fa5cbb462f7aec3be646cfa0a0

    • SSDEEP

      6144:QbfZaRA2CfvxiavOFYq4Pj0AjnW3UJC0NdcvcxWuYpHRPTDpAMydmyDX:QbfZaRhCs14PS370o5pH576

    Score: 1/10

    • Target

      nezur/nezurbit/byfronbypasser.dll

    • Size

      391KB

    • MD5

      0fb548e59e41d3cc86e1e03d5ec4fba9

    • SHA1

      0b9715d71ef16ca7ea9dda0bac6a3944cfa01955

    • SHA256

      dc080eb3d14da1e68f952df526f0f6cd3a865a0f558d6b04a29599503fbf50da

    • SHA512

      d77f318185e3fda3f7aa365bea4da6a6b903464d5cb5fcd6e3aed894ef5287e8a5108903eef4c194c747793828bc1f1dee2077fa5cbb462f7aec3be646cfa0a0

    • SSDEEP

      6144:QbfZaRA2CfvxiavOFYq4Pj0AjnW3UJC0NdcvcxWuYpHRPTDpAMydmyDX:QbfZaRhCs14PS370o5pH576

    Score: 1/10
