General
-
Target
Desktop.zip
-
Size
8.2MB
-
Sample
240629-y9p2savhje
-
MD5
f5c5f4572e0dc9f3c210a636885c1e4b
-
SHA1
df7731584614d2414d9b14c5d0f2d5223e3e742f
-
SHA256
f1f7dbd211cac3e16a911ad71a790c42d20a2f62711ff8a0918d8bd576cf41e4
-
SHA512
446cd5c863a71a2c8d8558c9a162b99012805b636fc3f3cc555c6836c7bb6bebdced148c6de3a77d9c277f900819ce2e6cea39672ef120f0a24a1e40cae3d086
-
SSDEEP
196608:NsjHWLtfvGzd6MZfeY5lqctrz8J+8uesYDYaASn1myj:Nsj2JOzt5k8z8J+8PTASB
Behavioral task
behavioral1
Sample
SuperNova.exe
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
SuperNova.exe
Resource
win10v2004-20240508-en
Malware Config
Targets
-
-
Target
SuperNova.exe
-
Size
319KB
-
MD5
139874ded78aa99b323dba8eac9c9956
-
SHA1
b5baf7067dcb33b9679ec0188e27e93c3fd70369
-
SHA256
569f306077e35e7fbc449095ce624000939b8f27e68f6bcef908173675118ac9
-
SHA512
bc2bf447e8f06f8dbd3f55a1954ad6137abae2d3c57e471dc1d701ef3ae0dd2263a271af99c09b609b2eeb2c24548650182e1bc18ef75e78a0bf2b559006bc6b
-
SSDEEP
6144:Z4FLwAiLQyi6nn1VredEGZGa0Xv50evr1ChZ9bRPXlwAiLQT:ZILwAiG8f3GZ3Q1S9bR9wAiY
-
XMRig Miner payload
-
Creates new service(s)
-
Drops file in Drivers directory
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Power Settings
powercfg controls all configurable power system settings on a Windows system and can be abused to prevent an infected host from locking or shutting down.
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Execution
Command and Scripting Interpreter
1PowerShell
1System Services
2Service Execution
2Persistence
Create or Modify System Process
2Windows Service
2Event Triggered Execution
1Netsh Helper DLL
1Power Settings
1Privilege Escalation
Create or Modify System Process
2Windows Service
2Event Triggered Execution
1Netsh Helper DLL
1