Overview | overview | 10
Static | static | 10
Neptune-St...sample | windows10-2004-x64 | 3
Neptune-St...sample | windows10-2004-x64 | 3
Neptune-St...sample | windows10-2004-x64 | 3
Neptune-St...sample | windows10-2004-x64 | 3
Neptune-St...sample | windows10-2004-x64 | 3
Neptune-St...sample | windows10-2004-x64 | 3
Neptune-St...sample | windows10-2004-x64 | 3
Neptune-St...sample | windows10-2004-x64 | 3
Neptune-St...sample | windows10-2004-x64 | 3
Neptune-St...sample | windows10-2004-x64 | 3
Neptune-St...sample | windows10-2004-x64 | 3
Neptune-St...sample | windows10-2004-x64 | 3
Neptune-St...sample | windows10-2004-x64 | 3
Neptune-St...sample | windows10-2004-x64 | 3
Neptune-St...ld.bat | windows10-2004-x64 | 1
Neptune-St...dex.js | windows10-2004-x64 | 3
Neptune-St...ll.bat | windows10-2004-x64 | 1
Neptune-St...ain.py | windows10-2004-x64 | 3
Neptune-St...al.bat | windows10-2004-x64 | 1
Neptune-St...ad.bat | windows10-2004-x64 | 8
Neptune-St...tor.py | windows10-2004-x64 | 3
Neptune-St...per.py | windows10-2004-x64 | 3
Neptune-St...mat.py | windows10-2004-x64 | 3
Neptune-St...pt.exe | windows10-2004-x64 | 7
Analysis
max time kernel
136s
max time network
124s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags
arch:x64 arch:x86 image:win10v2004-20240419-en locale:en-us os:windows10-2004-x64 system
submitted
05-05-2024 16:32
Behavioral task
behavioral1
Sample
Neptune-Stealer/.git/hooks/applypatch-msg.sample
Resource
win10v2004-20240226-en
Behavioral task
behavioral2
Sample
Neptune-Stealer/.git/hooks/commit-msg.sample
Resource
win10v2004-20240419-en
Behavioral task
behavioral3
Sample
Neptune-Stealer/.git/hooks/fsmonitor-watchman.sample
Resource
win10v2004-20240419-en
Behavioral task
behavioral4
Sample
Neptune-Stealer/.git/hooks/post-update.sample
Resource
win10v2004-20240426-en
Behavioral task
behavioral5
Sample
Neptune-Stealer/.git/hooks/pre-applypatch.sample
Resource
win10v2004-20240419-en
Behavioral task
behavioral6
Sample
Neptune-Stealer/.git/hooks/pre-commit.sample
Resource
win10v2004-20240226-en
Behavioral task
behavioral7
Sample
Neptune-Stealer/.git/hooks/pre-merge-commit.sample
Resource
win10v2004-20240419-en
Behavioral task
behavioral8
Sample
Neptune-Stealer/.git/hooks/pre-push.sample
Resource
win10v2004-20240426-en
Behavioral task
behavioral9
Sample
Neptune-Stealer/.git/hooks/pre-rebase.sample
Resource
win10v2004-20240426-en
Behavioral task
behavioral10
Sample
Neptune-Stealer/.git/hooks/pre-receive.sample
Resource
win10v2004-20240419-en
Behavioral task
behavioral11
Sample
Neptune-Stealer/.git/hooks/prepare-commit-msg.sample
Resource
win10v2004-20240419-en
Behavioral task
behavioral12
Sample
Neptune-Stealer/.git/hooks/push-to-checkout.sample
Resource
win10v2004-20240419-en
Behavioral task
behavioral13
Sample
Neptune-Stealer/.git/hooks/sendemail-validate.sample
Resource
win10v2004-20240426-en
Behavioral task
behavioral14
Sample
Neptune-Stealer/.git/hooks/update.sample
Resource
win10v2004-20240426-en
Behavioral task
behavioral15
Sample
Neptune-Stealer/build.bat
Resource
win10v2004-20240419-en
Behavioral task
behavioral16
Sample
Neptune-Stealer/index.js
Resource
win10v2004-20240426-en
Behavioral task
behavioral17
Sample
Neptune-Stealer/install.bat
Resource
win10v2004-20240426-en
Behavioral task
behavioral18
Sample
Neptune-Stealer/main.py
Resource
win10v2004-20240419-en
Behavioral task
behavioral19
Sample
Neptune-Stealer/neptune injection/final.bat
Resource
win10v2004-20240419-en
Behavioral task
behavioral20
Sample
Neptune-Stealer/neptune injection/payload.bat
Resource
win10v2004-20240419-en
Behavioral task
behavioral21
Sample
Neptune-Stealer/obfuscator.py
Resource
win10v2004-20240419-en
Behavioral task
behavioral22
Sample
Neptune-Stealer/tools/Pumper.py
Resource
win10v2004-20240426-en
Behavioral task
behavioral23
Sample
Neptune-Stealer/tools/cookie_reformat.py
Resource
win10v2004-20240426-en
Behavioral task
behavioral24
Sample
Neptune-Stealer/tools/run_script.exe
Resource
win10v2004-20240426-en
General
Target
Neptune-Stealer/neptune injection/final.bat
Size
1KB
MD5
e52ffc30088c2eaa4b820d16edf1bc48
SHA1
5039c175ef76f135ea63d96fbcd5a459b2a6334c
SHA256
41fab22cd37aa4e66c362215eda0d8bf9ff82d950e1661f528921811fb99b88f
SHA512
2c58ba2914979d64b85e880d50439782dd4e002bfb2c2631070d15f7be5e4686cbe5ffc8719add0181ffdb1db7548ff8f4d628287dd31bf3827a3928df84bed9
Malware Config
Signatures
Suspicious use of WriteProcessMemory
2 IoCs
Processes: cmd.exe
description | pid | process | target process
PID 5148 wrote to memory of 5520 | 5148 | cmd.exe | iexpress.exe
PID 5148 wrote to memory of 5520 | 5148 | cmd.exe | iexpress.exe
Processes
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\Neptune-Stealer\neptune injection\final.bat"
PID:5148
Suspicious use of WriteProcessMemory
C:\Windows\system32\iexpress.exe
iexpress /n /q /m C:\Users\Admin\AppData\Local\Temp\2exe.sed
PID:5520
Network
MITRE ATT&CK Matrix
Downloads
C:\Users\Admin\AppData\Local\Temp\2exe.sed
Filesize
1KB
MD5
7064ef44cbdaff5f3fc679965a67c600
SHA1
f4ad28dac71990276b97fa56c11eed3f92c576ad
SHA256
7840c6307661071990f8d7e60f525811c957b5fce14a9245e4b6ab70fae9d4f3
SHA512
d4f31dd08381a31551f9ed78ce3df268858080ed8d5322046eec925a6d5d5e84306722b5f4996018338d68807b74c5e40e42ef17f4d5905e8e5aad67ccdef77c