b5343e06af3eea0c72fed2b28f31600f615330a18fa85f2139f3e9ed8d479124 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Nuker Dev.rar
Size

13.0MB
Sample

240701-xjt3daxeqq
MD5

d4f7388a1966c26b26190cff31f19244
SHA1

a80aa9eeec0da06980625aff2d245c7a79cca5df
SHA256

b5343e06af3eea0c72fed2b28f31600f615330a18fa85f2139f3e9ed8d479124
SHA512

f30d803e148e2ad1ffa418306b3e622f36ade5dd66e27e57d75f9003bef59ed8b8112c3bbc2dae2994961f6e82e8023569158e6ca5269ba7f23a5e9d5ad99afa
SSDEEP

196608:t6diMFSkXS3p5cQ/JLnBfx+w94V6LA/zpPyU8THtjSkBLQrDopHYU9iVTLHX7RSo:o+vcsBnBZf4V6LMzMTtjSRnoyL3FIyB

Score

7^/10

persistence privilege_escalation pyinstaller

Malware Config

Targets

- Target
  
  Nuker Dev/Saturn.exe
- Size
  
  13.3MB
- MD5
  
  66f5fae4e2457f0d9b07f18fe5bee527
- SHA1
  
  d8d145c608a36675653723a25ff1427186dbb192
- SHA256
  
  84d9993270b3303705fb54b58c8f506c212e6a1f3c292bdf2c228bbb8c3c6989
- SHA512
  
  a7db39a88b2bc30cf73dc17b4936660907188ebac18116e7c0619fc518d6fc13ca5517dfe0919e0d5c9b8d6d10c3c65eacdbffb6edd09be9e543e7d9b55b740e
- SSDEEP
  
  393216:gDKHi+2ohcyLvQETSCvJtOqcSchu+DIuMC:gOHiRyc0vQEWChMSYL
Score

7^/10

persistence privilege_escalation
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
- Loads dropped DLL
- Modifies system executable filetype association
  persistence
behavioral1 behavioral2
- Target
  
  Nuker Dev/install.bat
- Size
  
  44B
- MD5
  
  c967fe84326da62d40bb652fe67f90ba
- SHA1
  
  c79bc240ce0f78ee74b49e859700f27ca1d02189
- SHA256
  
  1f79eb6b0cd4379e4fcc4ad045168eb0d858fd527685209bd3c4471e61c4dc90
- SHA512
  
  2fc69115d471b9960008c7973bda73acc2c6d40302ecbd54a2729ae5b5d25937c890bf49596fc08d1ab50b92a5538a9685cca022ba0efd6378c48c69842f8f79
Score

1^/10
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Change Default File Association

Component Object Model Hijacking

Privilege Escalation

Event Triggered Execution

Change Default File Association

Component Object Model Hijacking

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

persistenceprivilege_escalation

behavioral3

behavioral4