Resubmissions

  • 14/02/2024, 03:14  240214-drczaafe3s  6
  • 13/02/2024, 22:25  240213-2b1bmsbg82  6

General

  • Target: Nezur (1).zip
  • Size: 477KB
  • Sample: 240214-drczaafe3s
  • MD5: 299ae221cfd986385576228b45c3e076
  • SHA1: 6b533e1fe33d7e67bbe58c64997a81c49308e9a4
  • SHA256: b21f293030df8c3706f999d014d0e31c7673e07dd45e813e23ce80c606bd74cc
  • SHA512: 36732d46253feba81fed54fd7d0317ea2c8cb76306ba03f5d8c452d262d07c850c3c5d38e53c3ef01010e83918ea987258e4b15674f84cfba39db80105206efe
  • SSDEEP: 12288:eiN+cU0Yz3jBL75xwc4XscIFl4zA6fzvBLLkwRy:RKjRdxwr81FlQxfDxLkd

Score: 6/10

Malware Config

Targets

    • Target: Nezur.exe
    • Size: 89KB
    • MD5: dd98a43cb27efd5bcc29efb23fdd6ca5
    • SHA1: 38f621f3f0df5764938015b56ecfa54948dde8f5
    • SHA256: 1cf20b8449ea84c684822a5e8ab3672213072db8267061537d1ce4ec2c30c42a
    • SHA512: 871a2079892b1eb54cb761aebd500ac8da96489c3071c32a3dab00200f74f4e12b9ab6c62623c53aea5b8be3fc031fb1b3e628ffe15d73323d917083240742b0
    • SSDEEP: 1536:Ee7h7q/J6K3nHC+AGUob2f0DBFPbPWNPWp350NHcHkDsWqxcd2ZPSAv:Ee7oU8HC+AGUu2abPbPWQpO8E0A2tSAv

    Score: 6/10

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Target: lua51.dll
    • Size: 592KB
    • MD5: 3dff7448b43fcfb4dc65e0040b0ffb88
    • SHA1: 583cdab08519d99f49234965ffd07688ccf52c56
    • SHA256: ff976f6e965e3793e278fa9bf5e80b9b226a0b3932b9da764bffc8e41e6cdb60
    • SHA512: cdcbe0ec9ddd6b605161e3c30ce3de721f1333fce85985e88928086b1578435dc67373c3dc3492ed8eae0d63987cac633aa4099b205989dcbb91cbbfc8f6a394
    • SSDEEP: 12288:rs7/mj/73RaLHIW5BmUeUhoE4RgiF1q1bPIBKsg4Db0S:rc/u/7IoRnUKfq1Dl4DY

    Score: 3/10

    • Target: start.bat
    • Size: 548B
    • MD5: 12c37bf6537bfdf93b80c31f6d1391b2
    • SHA1: 43df564e4988008f3e97167837f58f1452cf3d13
    • SHA256: cab7b8973dd5f7252af6a1a080deec442acd1e6bdd6c7476bd73e39553751222
    • SHA512: c59645da2377ec2eb8c4ca75174379134dc657741ee324fc6fd38170b9704852bf136a919fe0363ea85befe61e8838ef74dad07e365392d8f8f6462bb1ba75f9

    Score: 6/10

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks