Overview

overview

9

Static

static

3

Nighty.exe

windows10-2004-x64

9

Resubmissions

21-05-2024 14:24

240521-rqwlwshb3w 9

21-05-2024 13:04

240521-qa6lgseg78 9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Nighty.exe

  • Size

    128.5MB

  • Sample

    240521-rqwlwshb3w

  • MD5

    302de60224ceff1970999bc927b9a5ea

  • SHA1

    c3335605419f81521b76078319d53f1fc1aa5b90

  • SHA256

    c7faff5fb2e65b364befd2c2eeeb0fb30521b3f2600da24bcee3e8b8d17dbf1c

  • SHA512

    d0d161e8fc5613c7eabee4fdf6fc686e4b9bf1dbd67944a25a4119fe5b0b02e62c3888e7baaaabc68aecaf987d9cdbd9684d93789461b10bb4c7ce13faa8b855

  • SSDEEP

    3145728:mmls2Ny5/gYR/Lw4HTx+3MEwy+E9MPWzJVvK1nCdB6RPCanSC++vEH8CJ0Ll2:VyKydxzwz8eJ9LzJBmCcPCaSC1EHKL

Score
9/10
bootkitevasionpersistencepyinstallertrojan

Malware Config

Targets

    • Target

      Nighty.exe

    • Size

      128.5MB

    • MD5

      302de60224ceff1970999bc927b9a5ea

    • SHA1

      c3335605419f81521b76078319d53f1fc1aa5b90

    • SHA256

      c7faff5fb2e65b364befd2c2eeeb0fb30521b3f2600da24bcee3e8b8d17dbf1c

    • SHA512

      d0d161e8fc5613c7eabee4fdf6fc686e4b9bf1dbd67944a25a4119fe5b0b02e62c3888e7baaaabc68aecaf987d9cdbd9684d93789461b10bb4c7ce13faa8b855

    • SSDEEP

      3145728:mmls2Ny5/gYR/Lw4HTx+3MEwy+E9MPWzJVvK1nCdB6RPCanSC++vEH8CJ0Ll2:VyKydxzwz8eJ9LzJBmCcPCaSC1EHKL

    Score
    9/10
    bootkitevasionpersistencetrojan

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Loads dropped DLL

    • Checks whether UAC is enabled

      evasiontrojan

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks