General

  • Target

    nightware_pasted.zip

  • Size

    112.0MB

  • Sample

    240611-p4sfaaxejf

  • MD5

    ab85ef6ea98aedff34941afe2adb70c6

  • SHA1

    44f40c22f041a2ad0e8f090e49244469fec408f0

  • SHA256

    12c03ef329d173728898959b9f406d2fcecec97b21489ab1f8f9acca5066b036

  • SHA512

    486f8c3c85806e81f874759ef50b588267cbb961fac6e537314da3cc2a1fb3c82a5322145049d623e757c0c979d17cdd6bee9cfc64feede69af3a323c820d51a

  • SSDEEP

    3145728:mbcMttOf6aZRhMO0gHU1pD0ozalllpMICKTEa83os5aPAAhY2an:WccOfRhNA1pIoyCaEdMPAkK

Score
9/10

Malware Config

Targets

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks