Analysis
max time kernel: 119s
max time network: 120s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 23-05-2024 06:39
Behavioral task: behavioral1, Sample: Lithium-Nuker-V2-main.zip, Resource: win7-20240221-en
Behavioral task: behavioral2, Sample: Lithium-Nuker-V2-main.zip, Resource: win10v2004-20240508-en
Behavioral task: behavioral3, Sample: Lithium-Nuker-V2-main/Lithium Nuker V2.exe, Resource: win7-20240221-en
Behavioral task: behavioral4, Sample: Lithium-Nuker-V2-main/Lithium Nuker V2.exe, Resource: win10v2004-20240508-en
Behavioral task: behavioral5, Sample: log.pyc, Resource: win7-20231129-en
Behavioral task: behavioral6, Sample: log.pyc, Resource: win10v2004-20240508-en
Behavioral task: behavioral7, Sample: Lithium-Nuker-V2-main/README.md, Resource: win7-20240508-en
Behavioral task: behavioral8, Sample: Lithium-Nuker-V2-main/README.md, Resource: win10v2004-20240426-en
General
Target: Lithium-Nuker-V2-main/Lithium Nuker V2.exe
Size: 18.2MB
MD5: 59532c79ededb7008c69016fde693f0b
SHA1: 0eb0141237e3772adbae53655cefc01d0e8b7c0f
SHA256: ae57fb7f1fbb32ce8265575d1ed01f2e5d26c92664ed255511e66478cfe2848c
SHA512: f6c309602a5dd0c993678487d1b1a99b976ede79563605e4e63dd4a04551098cf64557cf3515c362730a8a647f27021aab189f57b5c5afa52564c64dadf7eaf3
SSDEEP: 393216:7hjsQtspjQETS/vJQ7L8AbVykTTA7X31uk:JsQtsdQEW/hQXpsSCl
Malware Config
Signatures
Loads dropped DLL: 1 IoCs
Processes: Lithium Nuker V2.exe
pid: 2348, process: Lithium Nuker V2.exe

Suspicious use of WriteProcessMemory: 3 IoCs
Processes: Lithium Nuker V2.exe
description: PID 2096 wrote to memory of 2348, pid: 2096, process: Lithium Nuker V2.exe, target process: Lithium Nuker V2.exe
description: PID 2096 wrote to memory of 2348, pid: 2096, process: Lithium Nuker V2.exe, target process: Lithium Nuker V2.exe
description: PID 2096 wrote to memory of 2348, pid: 2096, process: Lithium Nuker V2.exe, target process: Lithium Nuker V2.exe
Processes
C:\Users\Admin\AppData\Local\Temp\Lithium-Nuker-V2-main\Lithium Nuker V2.exe
"C:\Users\Admin\AppData\Local\Temp\Lithium-Nuker-V2-main\Lithium Nuker V2.exe"
- Suspicious use of WriteProcessMemory
PID: 2096
    C:\Users\Admin\AppData\Local\Temp\Lithium-Nuker-V2-main\Lithium Nuker V2.exe
    "C:\Users\Admin\AppData\Local\Temp\Lithium-Nuker-V2-main\Lithium Nuker V2.exe"
    - Loads dropped DLL
    PID: 2348
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 5.5MB
MD5: 5a5dd7cad8028097842b0afef45bfbcf
SHA1: e247a2e460687c607253949c52ae2801ff35dc4a
SHA256: a811c7516f531f1515d10743ae78004dd627eba0dc2d3bc0d2e033b2722043ce
SHA512: e6268e4fad2ce3ef16b68298a57498e16f0262bf3531539ad013a66f72df471569f94c6fcc48154b7c3049a3ad15cbfcbb6345dacb4f4ed7d528c74d589c9858