General

  • Target: 07122023_0119_KRR.zip
  • Size: 921KB
  • Sample: 231206-vvxarsfg4t
  • MD5: 95507e5f56813c9b527af89dd761ef1f
  • SHA1: 2c407a26790a493fcffbd4c24af9b5fdee836bbc
  • SHA256: 80cc47d4f2c01cd864da8d0a6616fd1ffef9b85c5efc94ad76364f83dbbad029
  • SHA512: adb2f7dae1aa509e1804e7fe0d576c1d749c9b415bfca47fc8c0dc4ea028555f8bb75c3f45208f28104bcf597e4b7bc4ee8bfa501b8c2e375331427965e6ba21
  • SSDEEP: 24576:XJ9Utl9SeKQfLNTaPEQ3Y+Aj8zBYZrnz7ec/WoZvgI/MIkMrWrS:XHUtjZDNTac6Y+AwmDvZr/MhMrWrS

Score: 8/10

Malware Config

Targets

    • Target: Novzr.msi
    • Size: 1.1MB
    • MD5: e2971d312ab219c4bf7f8fce51b20ee4
    • SHA1: 5ecc4fc2ad43d23fede25e7506c870c6a4fc83b3
    • SHA256: 45cc68c5a0c57024409b77d83834d2981a6374a6e439b64a91f2db037de94ff4
    • SHA512: 6a43c2bbee1f067e46c70f939c43ee5f10267b122dd0e12cc6613178e77aa627fd1f8878e9205ee18622fba3d8b2e5db085898b19bcd49e89785f929d9caba0e
    • SSDEEP: 24576:55RnUeiNpNjX2PsQ67IzRNYZcE++dQoDvgW/MI2crW6/:nLi3NjmbMmhUtDD/MdcrW6/

    Score: 8/10

    • Dave packer
      Detects an executable using a packer the community has named 'Dave', based on a string at the end of the file.
    • Checks computer location settings
      Looks up the country code configured in the registry, likely for geofencing.
    • Loads dropped DLL
    • Blocklisted process makes network request
    • Enumerates connected drives
      Attempts to read the root path of hard drives other than the default C: drive.
    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v13)

Discovery
  • Query Registry (T1012): 3
  • System Information Discovery (T1082): 4
  • Peripheral Device Discovery (T1120): 2

Tasks