General

  • Target

    Neverlose v3 Crack.rar

  • Size

    551KB

  • Sample

    240504-v9f74ach3s

  • MD5

    2bf260ff1429f587a9bbd74f22e2adb4

  • SHA1

    70248632884b1f00df7234a91bef2f8e05fed1b2

  • SHA256

    5aa5119d21fd4b205a0a38b83884ee8d89a587decef2b06e45dfe860abaf1bfd

  • SHA512

    466a7bf3022325d315bc47f97a91236765dc984506dc2f801ef54dd46dd2dbbf28385475a7c306c8f7ab993fcd7fb20fe2f3a1bf9bf7be55a47a364ed0cd9401

  • SSDEEP

    6144:594VU3ne7VR3S9ylNqTlP5KgdBlMWldMaJYviI5bPIEIrUqTbJv9dvicflSdbEKs:4VFr4yPqBzMuMaS3ZE9daZEKrxny

Score
7/10

Targets

    • Target

      Neverlose v3 Crack/INJECT.bat

    • Size

      32B

    • MD5

      e12e7ab4cf4252cf410767ff19b8a64a

    • SHA1

      b400ac20dcf6c134e1172c51e18d68b7d45397e3

    • SHA256

      754d22f50641ee2fb88a393152672eb8549c72f2d34cb9a6e9f5b8ed91902eb5

    • SHA512

      3e1417e148f4c46e7ca29e5142c997ff73ec64b3ca7a6368eb77ff12b13485167659520b2a878c3e0917d13bc2b556a513abcaee95a7779d88a09977d431d8b5

    Score
    7/10
    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Target

      Neverlose v3 Crack/NeverloseV3.dll

    • Size

      249KB

    • MD5

      d72a4c85c7626cdc0e5b8b26bdda2f2e

    • SHA1

      0a9a25a7b942908f09b461e496992539898ebc3d

    • SHA256

      dc352774ef58bb680204077e11142008d5f89cdd73b7e3224edb70c1e26ec74a

    • SHA512

      0247dcf9239d7f0fa1d0a238c708a9ad93982876b14773c8278b988b19dadc6037b42c86e9e6afc949509d68a9f1194117e1d753efb6638971dc772168b1925a

    • SSDEEP

      3072:8TcLrFE/yEFPSKg8mwvZxUD9zRQFEtHfE9O2J09vKKMBK+GlPKsorf260Qru:SWcha8mwvZ2DfQF6c969vKfoBKsQV

    Score
    7/10
    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Target

      Neverlose v3 Crack/off windows defender/dControl.exe

    • Size

      447KB

    • MD5

      58008524a6473bdf86c1040a9a9e39c3

    • SHA1

      cb704d2e8df80fd3500a5b817966dc262d80ddb8

    • SHA256

      1ef6c1a4dfdc39b63bfe650ca81ab89510de6c0d3d7c608ac5be80033e559326

    • SHA512

      8cf492584303523bf6cdfeb6b1b779ee44471c91e759ce32fd4849547b6245d4ed86af5b38d1c6979729a77f312ba91c48207a332ae1589a6e25de67ffb96c31

    • SSDEEP

      6144:Vzv+kSn74iCmfianQGDM3OXTWRDy9GYQDUmJFXIXHrsUBnBTF8JJCYrYNsQJzfgu:Vzcn7EanlQiWtYhmJFSwUBLcQZfgiD

    Score
    7/10
    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.
