General

  • Target: Koala-Nuker1-main.zip
  • Size: 936KB
  • Sample: 240524-w25fdsef41
  • MD5: 8dc415aec0caf3cea523e69fd762828d
  • SHA1: ccdeeea3775c9d09539ebb4faafd1be5555ce898
  • SHA256: 073a9eb9beb287c2badc5885dc2f6f1e5ace92225ab6764b23e009b0552f832a
  • SHA512: 9a8e7bc15e798dcc273a06fb1164f044f64cf456b0011cf794e659469f0a8d4b85b04f7e1c6e756db2e2d116ce47f13df5fb742b7d258db97d3e9e5fdf796d1e
  • SSDEEP: 24576:/InwcjDKfNCTVnIghNXyc2FWR1LqsJxc71cfP:AzzTXXV2297cufP

Malware Config

Targets

    • Target: Koala-Nuker1-main/main.py
    • Size: 7KB
    • MD5: 6ac602a2b5f0b3efdc0ec991f88cc110
    • SHA1: 12488017f7c34ff489d1cbbb17b23a00cfb3bc54
    • SHA256: a76c475386e21f5c04426b263fc8e03b68c1344672eb07f6b61a3094de32e703
    • SHA512: 22b08e3a0c7438fb8a387dabfd67ca7806405d49a5cc8fa7524e14faefd87c532474ceef7a0187aab575d746d48ee12e4be5a8bc46cfc8a613fea33f210c9c2d
    • SSDEEP: 192:zbKypNi3WcHs0FxyxTdwTdLz3u8Z11OpEk:z+ENi3/Hs0FxyxTKTlu8D1OpEk

    • Downloads MZ/PE file
    • Executes dropped EXE
    • Loads dropped DLL
    • Registers COM server for autorun
    • Adds Run key to start application
    • Blocklisted process makes network request
    • Checks installed software on the system
      Looks up Uninstall key entries in the registry to enumerate software on the system.
    • Enumerates connected drives
      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks