General

  • Target

    NoxieGenV1.rar

  • Size

    34.5MB

  • Sample

    240619-rv4s3awhnm

  • MD5

    de545acec932aa1786d0960e6cb84ef8

  • SHA1

    e6ab7f6bbf0f7ec33d844a93efaed66ab58d54a3

  • SHA256

    93fe2b1cd53b5112ad7b5a44333c7b66ae0e03b08ffdf37662202ac8fb70ce4b

  • SHA512

    545accc93dd1daeda18cde0d313b6ef3f072195e7b4e142016a565baa0d96ea6dfb69916ed76d264fac2489f8766d813e18596318c26de3f0bda1c679602ec25

  • SSDEEP

    786432:GHzqccwWMXqXMSDD91wodGissFkzsF13QyD6LSb0TEL+mnPpCQq5AgN0E+:GHmcRWs6Ma91+1z+9Qy3bRJkppR+

Malware Config

Targets

    • Target

      NoxieGenV1/NoxieV1.33.exe

    • Size

      44.6MB

    • MD5

      cdfabb41dc5991abd7af0be63ff903cc

    • SHA1

      3c4d9108dd3f7d66459a0bcdf8117e66018bd077

    • SHA256

      28d9bea8276018975660f1c6003112229d8baf1cd5894cb068563a7ef4557d9b

    • SHA512

      3c200234d8bdecfa82ad42423606d7d66780c5473448f8ac80a2207c0aeeabc72799bef4816ba98666cc68f0440bb97e6fd65451883f3bd17f453a4d154e5299

    • SSDEEP

      786432:TlWJZZljcVY3U5MBkt7oxDLR7MTL9770cAkYz9QEiabCHVxV7qM3kXC3s1bmTeyb:TMTvl3UGBk7oldAtvYzqaboxVOsTTzv

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks