1276fc4ba941790b7ff346015a7484c8e5ced881bac372aa2613db845f844272 | Triage

Sharing

General

Target

Nezur.zip
Size

459KB
Sample

240521-syjsqsad98
MD5

83c2a7893daa6117e9f8df158e8002c2
SHA1

a80a17015c93a8871f84d1a81f285ed91a00378c
SHA256

1276fc4ba941790b7ff346015a7484c8e5ced881bac372aa2613db845f844272
SHA512

5e66fd80f30289e7f307a2e359c5bc5b6e384516fa1c549d7cec8d5dd75c987b2be923e80f9b1a1ac73a126f85030cca35faaabe374fd089497d92f7c0a9ae7c
SSDEEP

12288:BLSTkqudsU0Yz3jBL75xwc4XscIFl4zA6fzvBLskwRq:tSYquuKjRdxwr81FlQxfDxskd

Score

8^/10

Malware Config

Targets

- Target
  
  Launcher.bat
- Size
  
  538B
- MD5
  
  01ac48e983457c1a18c9867c494ec0a5
- SHA1
  
  1ce3704aeb04d2bcdc0efe651e8ea6db5ab43925
- SHA256
  
  9a05346bfd0bb06538d2b143ad3b7156489719f0a98c6855abf993cbf0747d78
- SHA512
  
  0d0b95a428b92462744a13488a5debbd9aa947b41b7ceacff65d337158ed6b40f26ed85cd16e54e38f781a304d5c82b6af49ee2af9a00654bf6df99067dc14e4
Score

8^/10
- Blocklisted process makes network request
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory
behavioral1 behavioral2
- Target
  
  lua51.dll
- Size
  
  592KB
- MD5
  
  3dff7448b43fcfb4dc65e0040b0ffb88
- SHA1
  
  583cdab08519d99f49234965ffd07688ccf52c56
- SHA256
  
  ff976f6e965e3793e278fa9bf5e80b9b226a0b3932b9da764bffc8e41e6cdb60
- SHA512
  
  cdcbe0ec9ddd6b605161e3c30ce3de721f1333fce85985e88928086b1578435dc67373c3dc3492ed8eae0d63987cac633aa4099b205989dcbb91cbbfc8f6a394
- SSDEEP
  
  12288:rs7/mj/73RaLHIW5BmUeUhoE4RgiF1q1bPIBKsg4Db0S:rc/u/7IoRnUKfq1Dl4DY
Score

3^/10
behavioral3 behavioral4
- Target
  
  luajit.exe
- Size
  
  89KB
- MD5
  
  f9897435f1b4edc09a6ad72f77599124
- SHA1
  
  162e440573e3b360e563e15dbf09a647dedb779d
- SHA256
  
  ae478debf2a6ec13d48276b1a6b6fea362feb412f8b995611b28dd2e9be24078
- SHA512
  
  56eb149c143521a3af8c44f52d3d14d885c030206a0de774fc895f6028d869f7d2f87c9b5bec5e13dd2ed3435c5872c40047ff0aae54c5a732a38408003ab72b
- SSDEEP
  
  1536:Ee7h7q/J6K3nHC+AGUob2f0DBFPbPWNPWp350NHcHkDsWqxcd2ZPSAv:Ee7oU8HC+AGUu2abPbPWQpO8E0A2tSAv
Score

1^/10
behavioral5 behavioral6

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6