Overview

overview

10

Static

static

10

gang nuker.py

windows10-1703-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    gang_nuker.rar

  • Size

    4.9MB

  • Sample

    240203-a9bx6adbd7

  • MD5

    0d7957770cd15c725105e09e1ef522d3

  • SHA1

    6a4c71f13a3c9f845f32fb0aca07f2f85df40710

  • SHA256

    18d50f05499e3311fa811582868c234924fef1e271586bdaac4403856f125ab5

  • SHA512

    2265ebb6de6b6348ddd8ac2e44bce4c4514a95dfee1494f19497c8fa8cd623811205750371a9e7aa003c00224f80ce70ac9c9e0eed0b312a110773276373ebed

  • SSDEEP

    98304:p2gd+32VFWXpu/cbpuTeyTBXFWs0DLOPXi4c0nHylzHAq7+Ans3rM:pdIaMu8dyTBXa+ncdzHAq7+z7M

Score
10/10
crealstealerdiscoverypersistence

Malware Config

Targets

    • Target

      gang nuker.py

    • Size

      11.1MB

    • MD5

      1c80ffbc9ec6f4b94e97c0061d4c5311

    • SHA1

      199d4102b3203c5e2866bd636e7c7f5e1f22c6a4

    • SHA256

      b71d0426e720edd06a7fde5bf5614cc47ee4051ed26e074c2c82adf360af21a4

    • SHA512

      5c4eac83f48c4b435b1fdbbd9ec638443dc0d0ad0a1907731730f57ac0e2cf6129898f0f620e163fdedf5e0ab894eef10e02a17c152eca3ad350ef4646d9455b

    • SSDEEP

      12288:V2+8gwhNesLEuVNFXS1y8XAyr3NHwDbnPu3euBvMA3ntJMl/M6p2lMG3:FjwhN1EkNN69dHUbPLudT3B6W

    Score
    8/10
    discoverypersistence

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Blocklisted process makes network request

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks