c7faff5fb2e65b364befd2c2eeeb0fb30521b3f2600da24bcee3e8b8d17dbf1c | Triage

Sharing

General

Target

Nighty.exe
Size

128.5MB
Sample

240220-c2rdzshe9x
MD5

302de60224ceff1970999bc927b9a5ea
SHA1

c3335605419f81521b76078319d53f1fc1aa5b90
SHA256

c7faff5fb2e65b364befd2c2eeeb0fb30521b3f2600da24bcee3e8b8d17dbf1c
SHA512

d0d161e8fc5613c7eabee4fdf6fc686e4b9bf1dbd67944a25a4119fe5b0b02e62c3888e7baaaabc68aecaf987d9cdbd9684d93789461b10bb4c7ce13faa8b855
SSDEEP

3145728:mmls2Ny5/gYR/Lw4HTx+3MEwy+E9MPWzJVvK1nCdB6RPCanSC++vEH8CJ0Ll2:VyKydxzwz8eJ9LzJBmCcPCaSC1EHKL

Score

9^/10

bootkit evasion persistence pyinstaller trojan

Malware Config

Targets

- Target
  
  Nighty.exe
- Size
  
  128.5MB
- MD5
  
  302de60224ceff1970999bc927b9a5ea
- SHA1
  
  c3335605419f81521b76078319d53f1fc1aa5b90
- SHA256
  
  c7faff5fb2e65b364befd2c2eeeb0fb30521b3f2600da24bcee3e8b8d17dbf1c
- SHA512
  
  d0d161e8fc5613c7eabee4fdf6fc686e4b9bf1dbd67944a25a4119fe5b0b02e62c3888e7baaaabc68aecaf987d9cdbd9684d93789461b10bb4c7ce13faa8b855
- SSDEEP
  
  3145728:mmls2Ny5/gYR/Lw4HTx+3MEwy+E9MPWzJVvK1nCdB6RPCanSC++vEH8CJ0Ll2:VyKydxzwz8eJ9LzJBmCcPCaSC1EHKL
Score

9^/10

bootkit evasion persistence trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Loads dropped DLL
- Checks whether UAC is enabled
  evasion trojan
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2
- Target
  
  Nighty.pyc
- Size
  
  2.4MB
- MD5
  
  6bf475ec68cda6fe15458601e1e54cac
- SHA1
  
  94487d0e8acb99cb70e8a582c6b9a5112ebbfef7
- SHA256
  
  b99a622908a8fa8117e2bc8b15e168572befa29bb863c9c25a9e8fdf0e50ec35
- SHA512
  
  09a38dc7fab45a2a6171746941722e49e51cbf3dd483c1283ff3e020e9603bb2b5a7c7cc6d1644e2d150d39e7824fef139423dbdf1d5250e11196a362bd4adca
- SSDEEP
  
  49152:wPJLuY+oiMXC13NXFhnJtAfXJqTLVfUQW9dehdQzqqkDgUrqzOd2FXP:0uYyhFhnJtAfXJKYoQDa+f1P
Score

3^/10
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Modify Registry

Pre-OS Boot

Bootkit

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitevasionpersistencetrojan

behavioral2

bootkitevasionpersistencetrojan

behavioral3

behavioral4