General
Target: NEXU$.exe
Size: 27.7MB
Sample: 240506-lrzr2sgb5s
MD5: 9f7d0bfe3985c340f42f039fbf9c52af
SHA1: 8769d102239db1f9befeaa67b25a7c12ea9ccf2b
SHA256: bf782827fee0c2350eef32b486f7750a530d0e253187f85dd6b52af0b30c8a85
SHA512: 988f00c929d7d01b887dc511e586cc75a14180b8b65f34cc293bb998174b667cd488d4e4fc777c183f0c29c744cf649fa520f7265e13486226f3f074cdaf3f81
SSDEEP: 786432:TBvc42en9y+aJtShY9Q6SZKb0SReIMrRRMVb:T+cUSG8Zw09YVb
Behavioral tasks
behavioral1: Sample NEXU$.exe, Resource win7-20240221-en
behavioral2: Sample NEXU$.exe, Resource win10-20240404-en
behavioral3: Sample NEXU$.exe, Resource win10v2004-20240226-en
Malware Config
Targets
Target: NEXU$.exe
Size: 27.7MB
MD5, SHA1, SHA256, SHA512 and SSDEEP: identical to the values listed under General above.
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
Checks computer location settings: looks up the country code configured in the registry, likely a geofence on execution.
Deletes itself
Executes dropped EXE
Loads dropped DLL
Obfuscated with Agile.Net obfuscator: detects use of the Agile.Net commercial .NET obfuscator, which is capable of entity renaming and control-flow obfuscation.
Legitimate hosting services abused for malware hosting/C2
Suspicious use of NtSetInformationThreadHideFromDebugger: NtSetInformationThread is called with the ThreadHideFromDebugger information class, which stops the calling thread from delivering debug events to an attached debugger (a common anti-debugging technique).
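The anti-VM, BIOS, geofence and anti-debug signatures above are all keyed on a handful of registry paths and one NtSetInformationThread information class. The following Python, added here as an illustration and not part of the report or of the sandbox's own rules, shows how a triage script can map a sandbox API trace back to those signature names. The trace lines are constructed and the event format "<pid> <api> <argument>" is an assumption; the registry paths are the standard ones these checks read (VirtualBox tags its ACPI tables with the OEM ID VBOX__, BIOS strings live under HKLM\HARDWARE\DESCRIPTION\System\BIOS, the country code under HKCU\Control Panel\International\Geo\Nation), and THREADINFOCLASS 0x11 is ThreadHideFromDebugger.

```python
import re
from collections import defaultdict

# Constructed trace for illustration (not taken from the report). Each event is
# "<pid> <api> <argument>"; the argument may itself contain spaces.
TRACE = r"""
1337 RegOpenKey HKLM\HARDWARE\ACPI\DSDT\VBOX__
1337 RegOpenKey HKLM\HARDWARE\ACPI\FADT\VBOX__
1337 RegQueryValue HKLM\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer
1337 RegQueryValue HKLM\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName
1337 RegQueryValue HKCU\Control Panel\International\Geo\Nation
1337 NtSetInformationThread ThreadInformationClass=0x11
1337 RegQueryValue HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductName
""".strip().splitlines()

# (signature name as it appears in the report, API regex, argument regex)
RULES = [
    # VirtualBox stamps its ACPI tables with the OEM ID "VBOX__", which Windows
    # mirrors under HKLM\HARDWARE\ACPI\{DSDT,FADT,RSDT}.
    ("Identifies VirtualBox via ACPI registry values (likely anti-VM)",
     re.compile(r"^Reg(OpenKey|QueryValue|EnumKey)$"),
     re.compile(r"^HKLM\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__", re.I)),
    # SystemManufacturer / SystemProductName etc. reveal hypervisor vendors.
    ("Checks BIOS information in registry",
     re.compile(r"^Reg(OpenKey|QueryValue|EnumKey)$"),
     re.compile(r"^HKLM\\HARDWARE\\DESCRIPTION\\System\\BIOS\\", re.I)),
    # GeoID of the configured location; read by geofenced samples.
    ("Checks computer location settings",
     re.compile(r"^RegQueryValue$"),
     re.compile(r"^HKCU\\Control Panel\\International\\Geo\\Nation$", re.I)),
    # THREADINFOCLASS 0x11 (17) is ThreadHideFromDebugger.
    ("Suspicious use of NtSetInformationThreadHideFromDebugger",
     re.compile(r"^NtSetInformationThread$"),
     re.compile(r"^ThreadInformationClass=(0x11|17)$", re.I)),
]


def parse_event(line):
    """Split '<pid> <api> <argument>' into (int pid, api, argument)."""
    pid, api, arg = line.split(" ", 2)
    return int(pid), api, arg


def classify(trace):
    """Map each event to the first matching signature; return (hits, unmatched)."""
    hits = defaultdict(list)
    unmatched = []
    for line in trace:
        if not line.strip():
            continue
        _pid, api, arg = parse_event(line)
        for name, api_re, arg_re in RULES:
            if api_re.match(api) and arg_re.match(arg):
                hits[name].append(arg)
                break
        else:
            unmatched.append(f"{api} {arg}")
    return dict(hits), unmatched


def signatures_fired(trace):
    """Signature names in rule order, one per distinct signature that matched."""
    hits, _ = classify(trace)
    return [name for name, _, _ in RULES if name in hits]


if __name__ == "__main__":
    hits, unmatched = classify(TRACE)
    for name in signatures_fired(TRACE):
        print(f"[+] {name}")
        for arg in hits[name]:
            print(f"      {arg}")
    print(f"[ ] {len(unmatched)} event(s) matched no signature")
```

Matching on the first rule only is deliberate: each event should count toward one signature, and the unmatched list is what you read next when deciding whether a rule is missing (the final ProductName read here is ordinary version fingerprinting and is left unclassified on purpose).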