General
-
Target
Neptune-Stealer.rar
-
Size
27.5MB
-
Sample
240505-t17s1seh4w
-
MD5
6b3d26257c71a6aff3960b9a294ca7ad
-
SHA1
ee5aa196f2a28277fdddb5dd8d6e24c5a7fae6fe
-
SHA256
36db131862e9f38c5e47cdb4aa1a35a8c95904039c1e5cbda5b6ba728fbebd79
-
SHA512
45b4ebe1930ffcd578898c1ade3ab3d6071cab329993e67af0d0b5b2b0b472a98b4d9ccfe606ff64337c1122a19c812de6308092d67b1e5fe7e8ec4e7c89b7a9
-
SSDEEP
786432:+HNPCO/Rn0pbYt8cZDIW0/Wcn6cbRXmyWXOG8f9:UNlp0uVZUW0bFm5XOf9
Behavioral task
behavioral1
Sample
Neptune-Stealer/.git/hooks/applypatch-msg.sample
Resource
win10v2004-20240226-en
Behavioral task
behavioral2
Sample
Neptune-Stealer/.git/hooks/commit-msg.sample
Resource
win10v2004-20240419-en
Behavioral task
behavioral3
Sample
Neptune-Stealer/.git/hooks/fsmonitor-watchman.sample
Resource
win10v2004-20240419-en
Behavioral task
behavioral4
Sample
Neptune-Stealer/.git/hooks/post-update.sample
Resource
win10v2004-20240426-en
Behavioral task
behavioral5
Sample
Neptune-Stealer/.git/hooks/pre-applypatch.sample
Resource
win10v2004-20240419-en
Behavioral task
behavioral6
Sample
Neptune-Stealer/.git/hooks/pre-commit.sample
Resource
win10v2004-20240226-en
Behavioral task
behavioral7
Sample
Neptune-Stealer/.git/hooks/pre-merge-commit.sample
Resource
win10v2004-20240419-en
Behavioral task
behavioral8
Sample
Neptune-Stealer/.git/hooks/pre-push.sample
Resource
win10v2004-20240426-en
Behavioral task
behavioral9
Sample
Neptune-Stealer/.git/hooks/pre-rebase.sample
Resource
win10v2004-20240426-en
Behavioral task
behavioral10
Sample
Neptune-Stealer/.git/hooks/pre-receive.sample
Resource
win10v2004-20240419-en
Behavioral task
behavioral11
Sample
Neptune-Stealer/.git/hooks/prepare-commit-msg.sample
Resource
win10v2004-20240419-en
Behavioral task
behavioral12
Sample
Neptune-Stealer/.git/hooks/push-to-checkout.sample
Resource
win10v2004-20240419-en
Behavioral task
behavioral13
Sample
Neptune-Stealer/.git/hooks/sendemail-validate.sample
Resource
win10v2004-20240426-en
Behavioral task
behavioral14
Sample
Neptune-Stealer/.git/hooks/update.sample
Resource
win10v2004-20240426-en
Behavioral task
behavioral15
Sample
Neptune-Stealer/build.bat
Resource
win10v2004-20240419-en
Behavioral task
behavioral16
Sample
Neptune-Stealer/index.js
Resource
win10v2004-20240426-en
Behavioral task
behavioral17
Sample
Neptune-Stealer/install.bat
Resource
win10v2004-20240426-en
Behavioral task
behavioral18
Sample
Neptune-Stealer/main.py
Resource
win10v2004-20240419-en
Behavioral task
behavioral19
Sample
Neptune-Stealer/neptune injection/final.bat
Resource
win10v2004-20240419-en
Behavioral task
behavioral20
Sample
Neptune-Stealer/neptune injection/payload.bat
Resource
win10v2004-20240419-en
Behavioral task
behavioral21
Sample
Neptune-Stealer/obfuscator.py
Resource
win10v2004-20240419-en
Behavioral task
behavioral22
Sample
Neptune-Stealer/tools/Pumper.py
Resource
win10v2004-20240426-en
Behavioral task
behavioral23
Sample
Neptune-Stealer/tools/cookie_reformat.py
Resource
win10v2004-20240426-en
Behavioral task
behavioral24
Sample
Neptune-Stealer/tools/run_script.exe
Resource
win10v2004-20240426-en
Malware Config
Targets
-
-
Target
Neptune-Stealer/.git/hooks/applypatch-msg.sample
-
Size
478B
-
MD5
ce562e08d8098926a3862fc6e7905199
-
SHA1
4de88eb95a5e93fd27e78b5fb3b5231a8d8917dd
-
SHA256
0223497a0b8b033aa58a3a521b8629869386cf7ab0e2f101963d328aa62193f7
-
SHA512
536cce804d84e25813993efdd240537b52d00ce9cdcecf1982f85096d56a521290104c825c00b370b2752201952a9616a3f4e28c5d27a5b4e4842101a2ff9bee
Score
3/10
-
-
Target
Neptune-Stealer/.git/hooks/commit-msg.sample
-
Size
896B
-
MD5
579a3c1e12a1e74a98169175fb913012
-
SHA1
ee1ed5aad98a435f2020b6de35c173b75d9affac
-
SHA256
1f74d5e9292979b573ebd59741d46cb93ff391acdd083d340b94370753d92437
-
SHA512
d6bb7fa747f4625adf1877f546565cbe812ca7dd4168f7e9068e6732555d8737eba549546cf5946649e3f38de82d173aaf9c160a4c9f9445655258b4c5f955eb
Score
3/10
-
-
Target
Neptune-Stealer/.git/hooks/fsmonitor-watchman.sample
-
Size
4KB
-
MD5
a0b2633a2c8e97501610bd3f73da66fc
-
SHA1
0ec0ec9ac11111433d17ea79e0ae8cec650dcfa4
-
SHA256
e0549964e93897b519bd8e333c037e51fff0f88ba13e086a331592bf801fa1d0
-
SHA512
5168643c1768ec83554a9066754507a781b6d14251a46a469222d462efc6ca87a72c90679154e8a723349c91e7772b32ac9b08dfe313cded0ee0a6f17885079e
-
SSDEEP
96:GFCscBOvOFXDgRvi/3UCwN4ZlkRo/j5SpoNOBoi+geBIzCa:GFCsEOmWRa8CwN4ZqRo7geEk3IzCa
Score
3/10
-
-
Target
Neptune-Stealer/.git/hooks/post-update.sample
-
Size
189B
-
MD5
2b7ea5cee3c49ff53d41e00785eb974c
-
SHA1
b614c2f63da7dca9f1db2e7ade61ef30448fc96c
-
SHA256
81765af2daef323061dcbc5e61fc16481cb74b3bac9ad8a174b186523586f6c5
-
SHA512
473ad124642571656276bf83b9ff63ab1804d3c23a5bdae52391c6f70a894849ac60c10c9d31deff3938922ce83b68b1e60c11592bbf7ea503f4acd39968cefa
Score
3/10
-
-
Target
Neptune-Stealer/.git/hooks/pre-applypatch.sample
-
Size
424B
-
MD5
054f9ffb8bfe04a599751cc757226dda
-
SHA1
f208287c1a92525de9f5462e905a9d31de1e2d75
-
SHA256
e15c5b469ea3e0a695bea6f2c82bcf8e62821074939ddd85b77e0007ff165475
-
SHA512
cb78aa7e9b9c146e5db65d86dd83f04e2b6942a06fab50c704a0fd900683f3b6ad1164e74afe2f267f6da91cdff0b9ab07713e12cefc6f8d741b5df194f4fda6
Score
3/10
-
-
Target
Neptune-Stealer/.git/hooks/pre-commit.sample
-
Size
1KB
-
MD5
305eadbbcd6f6d2567e033ad12aabbc4
-
SHA1
a79d057388ee2c2fe6561d7697f1f5efcff96f23
-
SHA256
f9af7d95eb1231ecf2eba9770fedfa8d4797a12b02d7240e98d568201251244a
-
SHA512
7cfb0a58abed1915ee1b261a1c661c7e2deea4e9227f77f5875af1a25c82e19245ba12dcb2f5052d994d0e81a3465daf37f9d8c670e17f9c96742f60fdfaaa56
Score
3/10
-
-
Target
Neptune-Stealer/.git/hooks/pre-merge-commit.sample
-
Size
416B
-
MD5
39cb268e2a85d436b9eb6f47614c3cbc
-
SHA1
04c64e58bc25c149482ed45dbd79e40effb89eb7
-
SHA256
d3825a70337940ebbd0a5c072984e13245920cdf8898bd225c8d27a6dfc9cb53
-
SHA512
e4dc204494f5062efa3032b00c64707a4f38978040482501b3e085f071e3ee5a9737d537e6a52002ceb4ebe2bfe09e555c5d969581e80b3eba2a922015c67960
Score
3/10
-
-
Target
Neptune-Stealer/.git/hooks/pre-push.sample
-
Size
1KB
-
MD5
2c642152299a94e05ea26eae11993b13
-
SHA1
a599b773b930ca83dbc3a5c7c13059ac4a6eaedc
-
SHA256
ecce9c7e04d3f5dd9d8ada81753dd1d549a9634b26770042b58dda00217d086a
-
SHA512
cc98bbe0e3865e2023af04416e10689e3aecd3f3928cf90c2acc0d3d7306388886779025c8967c8ea198af1f4fe29d16c65d4e1d546c7a8fa513f5ba7df16850
Score
3/10
-
-
Target
Neptune-Stealer/.git/hooks/pre-rebase.sample
-
Size
4KB
-
MD5
56e45f2bcbc8226d2b4200f7c46371bf
-
SHA1
288efdc0027db4cfd8b7c47c4aeddba09b6ded12
-
SHA256
4febce867790052338076f4e66cc47efb14879d18097d1d61c8261859eaaa7b3
-
SHA512
00d21d5d72386c3d9b5a1c36ba85201f730556a8295d4353af54af7892ab81010d42aff209ec1fda61c54e4dda3737cea5fda64f09d40ce5004ae28239565025
-
SSDEEP
96:vJ7EgXasqXq6zaqK1ep8m5MDVUT2bTEwEWDhG38deyig9yhCLtQH:vJ4gXasI1zaqKwUTHhzeyil4tm
Score
3/10
-
-
Target
Neptune-Stealer/.git/hooks/pre-receive.sample
-
Size
544B
-
MD5
2ad18ec82c20af7b5926ed9cea6aeedd
-
SHA1
705a17d259e7896f0082fe2e9f2c0c3b127be5ac
-
SHA256
a4c3d2b9c7bb3fd8d1441c31bd4ee71a595d66b44fcf49ddb310252320169989
-
SHA512
ee08c11fab7e896b2e09c241954ba7640338b12c75cd8040daf053c31b2f22236d7a0deac736f89d305236312fdb4f560a38d4d8debdcc9dcdd23b2d975907d5
Score
3/10
-
-
Target
Neptune-Stealer/.git/hooks/prepare-commit-msg.sample
-
Size
1KB
-
MD5
2b5c047bdb474555e1787db32b2d2fc5
-
SHA1
2584806ba147152ae005cb675aa4f01d5d068456
-
SHA256
e9ddcaa4189fddd25ed97fc8c789eca7b6ca16390b2392ae3276f0c8e1aa4619
-
SHA512
50ec8a0dd98427e80a82a8d8ce44462a845876e1594c9d0e89483ce9a8aaad616edea0e5c45c1bb69d8fe7f520c6f2260d6fa350d77b400899c3ae375e965bfb
Score
3/10
-
-
Target
Neptune-Stealer/.git/hooks/push-to-checkout.sample
-
Size
2KB
-
MD5
c7ab00c7784efeadad3ae9b228d4b4db
-
SHA1
508240328c8b55f8157c93c43bf5e291e5d2fbcb
-
SHA256
a53d0741798b287c6dd7afa64aee473f305e65d3f49463bb9d7408ec3b12bf5f
-
SHA512
586efb6a206f73d8a94561266153a624e2753830bc431a283bed998c46ac00a9df4995ddfd0aa852b1a22b4672c80f2c33cee3fe2e3321e392ff4cef26dbf75e
Score
3/10
-
-
Target
Neptune-Stealer/.git/hooks/sendemail-validate.sample
-
Size
2KB
-
MD5
4d67df3a8d5c98cb8565c07e42be0b04
-
SHA1
74cf1d5415a5c03c110240f749491297d65c4c98
-
SHA256
44ebfc923dc5466bc009602f0ecf067b9c65459abfe8868ddc49b78e6ced7a92
-
SHA512
a19dbbc2ef6c367aadbfb900ae58c377d88ac9b6c0ac6de49c962d44d993418875f64143defda56bae8d0697dcd15be2928d32aa77508d3958769f18a4a53154
Score
3/10
-
-
Target
Neptune-Stealer/.git/hooks/update.sample
-
Size
3KB
-
MD5
647ae13c682f7827c22f5fc08a03674e
-
SHA1
730e6bd5225478bab6147b7a62a6e2ae21d40507
-
SHA256
8d5f2fa83e103cf08b57eaa67521df9194f45cbdbcb37da52ad586097a14d106
-
SHA512
be3780974589d06eddba6fa0aa15a3e3dfe390e2827a1a6ae5cb83d6ac47e79ef9b1bbb53f067372f8dc70db0350d3770e78537fd3cfe734200ff824eca4cada
Score
3/10
-
-
Target
Neptune-Stealer/build.bat
-
Size
734B
-
MD5
1a0f43689186eb6dc7638ec72d5163ff
-
SHA1
d425b292743605ca53ed1772def4eeae44e2ab14
-
SHA256
78c48bbdfc80dad96a91d87e00da3544f633b8602008b3a458d6a51306c7b86e
-
SHA512
a7a7dc92db73b61acb4e82d58e7e0d34c0ad3fd1e2244382a4086f9d046b241e4ec7b0abb7ec8ae1ff723edb6bbcffd6ca0e10d450793dd1709252a54378e498
Score
1/10
-
-
Target
Neptune-Stealer/index.js
-
Size
36KB
-
MD5
11ea2c5f8f02dd58bc54699bbd370c55
-
SHA1
7f97ee706b5e6d8e51710a500707e5db34782ab0
-
SHA256
025b6094c77f1a2e7af740b8a49c76d1edb1ca579f832ab1793c69dcb4223c95
-
SHA512
f527958800418edad32601f1f67ff4fa605d7711bc66017f8fa2d7d6634cf7f9587db948b29cb9adfd03985f301214157965db228964920a5da84164b6117fa7
-
SSDEEP
768:SALpSySkS3SLSySUSyS2S3SdSyS/S3SpSySFS3SE9v2ZLtbeSSS2SXSwXnSSSh:SALaq9Da
Score
3/10
-
-
Target
Neptune-Stealer/install.bat
-
Size
31B
-
MD5
ed479ebacddedec77a46c27cc0e6a94d
-
SHA1
7b1855527317d0124ebeb726defa838d54e9b663
-
SHA256
f634394e6be6cb445c6bc8191ae89e2f0de21f2214dc16b9cd2e080ad660b1dc
-
SHA512
41fd6db1b319fceac0d1796b4183cec97e40ddd6ac919cce89bbd531e4e0153e7d607732177359d4e2719170b495cb70cefac806d3c90975cb85eab10bcd8fda
Score
1/10
-
-
Target
Neptune-Stealer/main.py
-
Size
132KB
-
MD5
2ff241435d9b16d284c9d70ca1981e86
-
SHA1
5f3ea0fa89a37206e728ce8a5a64f24f1545d479
-
SHA256
d5f09d7355070d7e60d5bc0f79288df26fdc494d92c6a9467b1ae1232ddc8876
-
SHA512
8ca458206013ca07c82c6d8c98fb4bb78f79a7ef7858ba40e0866f4c75b9aced52634a8b56f15db4cc4bf50cd46b5548741623c943e6b01953402f74f3ee3084
-
SSDEEP
1536:FsoWfxPvvsfYhxPuR2BEz+mKtnCFl2NOmOorPKtpOz3rkpznn/8K3TWiixelRj96:Fpf2KIZCHnmOppOzQzH3T791Zrq
Score
3/10
-
-
Target
Neptune-Stealer/neptune injection/final.bat
-
Size
1KB
-
MD5
e52ffc30088c2eaa4b820d16edf1bc48
-
SHA1
5039c175ef76f135ea63d96fbcd5a459b2a6334c
-
SHA256
41fab22cd37aa4e66c362215eda0d8bf9ff82d950e1661f528921811fb99b88f
-
SHA512
2c58ba2914979d64b85e880d50439782dd4e002bfb2c2631070d15f7be5e4686cbe5ffc8719add0181ffdb1db7548ff8f4d628287dd31bf3827a3928df84bed9
Score
1/10
-
-
Target
Neptune-Stealer/neptune injection/payload.bat
-
Size
783B
-
MD5
f3622964d873bc11a087a2e4e82603f5
-
SHA1
96ac588a7c7956e4a687adf8c7a33375e70b9a78
-
SHA256
57a263233f21dd60a1723a6dddfb09b9eb2a6184ac7746b9b1b0ef6d498f26d4
-
SHA512
c367c1c88b4f172a788f3e64bd29bed634b0f687102681269f72aad854db17360c5f6442156ae11de106707c1bd71a8d0e0c32a48eb8f18d238ccfc0b793969e
Score
8/10
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Registers COM server for autorun
-
Adds Run key to start application
-
Blocklisted process makes network request
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
-
-
Target
Neptune-Stealer/obfuscator.py
-
Size
6KB
-
MD5
a89b08d779038479f7bd2e8a756a3e8b
-
SHA1
31043473ada9e10ca31e796adcaa0e9b5c39d92f
-
SHA256
7f77c727eda2fe9ac5b2570bb3459b055fefd99a1ef2b0fa08954609a3c2bfad
-
SHA512
713183433fa5cd066300011e5b3c3ba4ca015990d29d02c8b9377cde4d87d43c997d864db9a399752ce959db0095a030d99c3b50bd218af8a0aff3397c40f308
-
SSDEEP
192:fgcdAG5zjG851aPDqOhaHjxc/O9JzZ+O96EIGCWy:fzFzjG85syjOG9J119HIGCL
Score
3/10
-
-
Target
Neptune-Stealer/tools/Pumper.py
-
Size
369B
-
MD5
3832cecb4a8f635c6b051fb0e87b2a68
-
SHA1
b38d06cf676dae88016bc718c9e31da86376ced6
-
SHA256
2ec0fe9f255219483f38b323da4adb26d817cca78673a13b3ad8def26c523479
-
SHA512
1cf01894d7aa630d7930bd2152d0fd1828e0d68ac0594c1f81fb581320b45aa764bff35ad71f40bb9e362490da65bd100b388813725ffded6c4d98adc9fda24f
Score
3/10
-
-
Target
Neptune-Stealer/tools/cookie_reformat.py
-
Size
530B
-
MD5
7cc84961f09b62bfe20a6e6f75064bd2
-
SHA1
9926a4927934b1aacda01b5fb6ae4238ce6065e2
-
SHA256
b728e24260c69e2c59896f9f2f1c8f78f3d4807e2a84d4527d2abf6ab45e79d0
-
SHA512
964bb1722b72106969cd68ab3bb3871c058099f54128e2f3dc46d3d925c727e72186551f0fb5978604a4e4f7e7b447f4b1a013b0ccef1fc2ff2557c23e89b53a
Score
3/10
-
-
Target
Neptune-Stealer/tools/run_script.bat
-
Size
33.1MB
-
MD5
d1a39d1fa53d8da2611ad91c91a1676e
-
SHA1
140b8851213dce617a029a03f6823a68511f3e26
-
SHA256
dbfc2291b18a27b4a17011028e88583f73c2fb3295858187dba4b768ff47b1ef
-
SHA512
d80698b0c3575f2579c4ddf02f0411384d0aab0537ce2c482f1ee5577228f7470858cf049d16251f8acd522a1cadc0da7b02a698f79d78d041cff62fd1fb342f
-
SSDEEP
393216:2QgHDlanaGBXvDKtz+bhPWES4tiNQPNrIKc4gaPbUAgrO4mgW96l+ZArYsFRlI:23on1HvSzxAMNWFZArYsA
Score
7/10
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-