Overview

overview

8

Static

static

3

N.E.T.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    N.E.T.exe

  • Size

    18.0MB

  • Sample

    240527-v5tbvsbg6w

  • MD5

    6302b3d67260b4f7c8070b57ce5d68f7

  • SHA1

    023506ac0f643a879191b9ffc4a58a7d00688f61

  • SHA256

    c216a1902fa1858bf18e193bb4e3710bbd3970095ec3579ff9b6813ff0b6b91e

  • SHA512

    b375986168fae78a86501eb65c1d21151ece6437c895ff873e4bb4f1c22e1d924c98172010c57248b344be0d26a24a9d7c78a094fa9da267b0948521902fa494

  • SSDEEP

    393216:c/OL3/dqqY4gP8AxYDX1+TtIiFYY9Z8D8Ccl6ln+E4UK1hAYEuK+:jsD4bX71QtIDa8DZcIl+t1jK+

Score
8/10
executionpyinstallerspywarestealer

Malware Config

Targets

    • Target

      N.E.T.exe

    • Size

      18.0MB

    • MD5

      6302b3d67260b4f7c8070b57ce5d68f7

    • SHA1

      023506ac0f643a879191b9ffc4a58a7d00688f61

    • SHA256

      c216a1902fa1858bf18e193bb4e3710bbd3970095ec3579ff9b6813ff0b6b91e

    • SHA512

      b375986168fae78a86501eb65c1d21151ece6437c895ff873e4bb4f1c22e1d924c98172010c57248b344be0d26a24a9d7c78a094fa9da267b0948521902fa494

    • SSDEEP

      393216:c/OL3/dqqY4gP8AxYDX1+TtIiFYY9Z8D8Ccl6ln+E4UK1hAYEuK+:jsD4bX71QtIDa8DZcIl+t1jK+

    Score
    8/10
    executionspywarestealer

    • Command and Scripting Interpreter: PowerShell

      Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

      execution

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

1
T1059

PowerShell

1
T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

1
T1552

Credentials In Files

1
T1552.001

Discovery

Query Registry

1
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

2
T1082

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Web Service

1
T1102

Impact

Resource Development

Reconnaissance

Tasks