General

  • Target

    Nexlevel.zip

  • Size

    14.2MB

  • Sample

    240426-n5bngsbh4x

  • MD5

    2e170c906cefc367f3da0d5166e08c85

  • SHA1

    44b0a9c5448d8701916bda20895381c070a549ae

  • SHA256

    b5b676f6285f7237570f2944e680f0772dd9b479807690c4d4bb28f53f7e38e2

  • SHA512

    c217803142b0c64c83467154377d41fe404626d5a7f00bbb74eaa85e207bf558e2e53149c41cf2d4c1a8eac3067a936144e4c81c61412b6fa67d9b93a31b2fcd

  • SSDEEP

    393216:f7KGBpHzGl3bf2d1i0i35Jz9ChruQX7NDN:uYpTGUPi0MLIhrbX7NDN

Score
8/10

Targets

    • Target

      NexLevel.exe

    • Size

      15.4MB

    • MD5

      dc10953a5a13efb02c9364e6402a59a5

    • SHA1

      46a9a168ca40850193575283327f0d76c20a7566

    • SHA256

      4dff0a17f8ad9a84e2fd81179d5e6f8b2a444f4628122a5d5f249ca2080460b5

    • SHA512

      56ad88e28887a8e221975dc5e5df6de1dd08ef43851f932b523292b120171bf4a8bcba0a151b22d76ce9493e495e0ebc281fab1948a76aabacade6742f04d296

    • SSDEEP

      393216:2ZkFsYUXRrGRBs66V1llpoFD45BS52wh:ROEHs6AjwFDk6f

    Score
    8/10
    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target

      cpprest_2_10.dll

    • Size

      949KB

    • MD5

      d17a216108f4ff1983cf1206204527ff

    • SHA1

      79a3308291dfa6fed3e12b0de94ccd1b9362cdbd

    • SHA256

      9be87a4a41fbe7e966c594c4fdce39252e89c94a9d12c03efb7950e243732ff2

    • SHA512

      da1b723c116bf88e8e2cadeeebd47b3e1e20dad7dae79efd9aece398851d7d3398344670f77d707e4817171a193861082ec101b1aaf6317e21b798866ba91897

    • SSDEEP

      24576:LGfL80/+s0AjurOiunKq1xS3OyK4UK48OuPtGea7OlxgiN6hTNuaYD9x2oL0Wej6:LGfmAjurOiuvLB4mZ

    Score
    1/10
