536515ca1e57321c5de664441d3394c4cd63c603183e257275188b3a9e168477

Sharing

Copy URL

Twitter E-mail

General

Target

nzbget-21.1-bin-windows-setup.exe
Size

5.4MB
Sample

240710-zke1ysygpq
MD5

4298f1eec6d7c8644844a28ceb92c0ed
SHA1

61723cec5870438763d21bb7259a76a631c8108f
SHA256

536515ca1e57321c5de664441d3394c4cd63c603183e257275188b3a9e168477
SHA512

87cc9ffcbb798f5fcb1338a106cba0867a36b7dd8c66b953df412a21a0afaf7a300c699f53d8f679ba64f3846111f92537f9821fe0128946503c9f631f2fd67c
SSDEEP

98304:jP9N0AuwizDGedVEpYE/s8NgJkjk4PbhpUuqibw96M8NYzI2iml5Zm2eOt:z9N/nizDGOEpbE8Qkx9pUM0kezI2iml9

Score

7^/10

Malware Config

Targets

- Target
  
  nzbget-21.1-bin-windows-setup.exe
- Size
  
  5.4MB
- MD5
  
  4298f1eec6d7c8644844a28ceb92c0ed
- SHA1
  
  61723cec5870438763d21bb7259a76a631c8108f
- SHA256
  
  536515ca1e57321c5de664441d3394c4cd63c603183e257275188b3a9e168477
- SHA512
  
  87cc9ffcbb798f5fcb1338a106cba0867a36b7dd8c66b953df412a21a0afaf7a300c699f53d8f679ba64f3846111f92537f9821fe0128946503c9f631f2fd67c
- SSDEEP
  
  98304:jP9N0AuwizDGedVEpYE/s8NgJkjk4PbhpUuqibw96M8NYzI2iml5Zm2eOt:z9N/nizDGOEpbE8Qkx9pUM0kezI2iml9
Score

7^/10

defense_evasion discovery privilege_escalation
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  c17103ae9072a06da581dec998343fc1
- SHA1
  
  b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d
- SHA256
  
  dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f
- SHA512
  
  d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f
- SSDEEP
  
  192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw
Score

3^/10
behavioral2
- Target
  
  $PLUGINSDIR/nsDialogs.dll
- Size
  
  9KB
- MD5
  
  c10e04dd4ad4277d5adc951bb331c777
- SHA1
  
  b1e30808198a3ae6d6d1cca62df8893dc2a7ad43
- SHA256
  
  e31ad6c6e82e603378cb6b80e67d0e0dcd9cf384e1199ac5a65cb4935680021a
- SHA512
  
  853a5564bf751d40484ea482444c6958457cb4a17fb973cf870f03f201b8b2643be41bccde00f6b2026dc0c3d113e6481b0dc4c7b0f3ae7966d38c92c6b5862e
- SSDEEP
  
  96:hBABCcnl5TKhkfLxSslykcxM2DjDf3GE+Xv8Xav+Yx4VndY7ndS27gA:h6n+0SAfRE+/8ZYxMdqn420
Score

3^/10
behavioral3
- Target
  
  1cacert.pem
- Size
  
  299B
- MD5
  
  692cff94e65bda3b28cc904b22fc56f0
- SHA1
  
  adf4f7e4f83dd3cf2c3f70cc255ac63f6dfa47a0
- SHA256
  
  1d0832d4dfbd52bf038740ee8c62afe0bb948f9e8b6db0a3b98cb620413eff85
- SHA512
  
  8aae09c0461f2fc9dadb509603dadc8de93db6cc676fbb81a8b991b25c1bc942706ab202bc38ba81406c500eadfbde2f700334d995e9da54447e8d4beeafe1ea
Score

1^/10
behavioral4
- Target
  
  7za.exe
- Size
  
  1.1MB
- MD5
  
  e86eff95691b1c0e7e4f3e9cb1ae2e49
- SHA1
  
  d0acbf9ae29ec74acc67b53b2063bbc9739bc9e8
- SHA256
  
  8117e40ee7f824f63373a4f5625bb62749f69159d0c449b3ce2f35aad3b83549
- SHA512
  
  1c26201f214fc068d2d7f7c812be022dbc102077ef34bc1f231ac118aa04b94139cc2005628491747888faf95863241b3847524db097f4822b75f646f4345ff6
- SSDEEP
  
  24576:IyotkuwTgCfs7Ck+PCZbS1IJdJ0FAH48fw2:ITtkVxkdyCZbS1oCFo/fw
Score

1^/10
behavioral5
- Target
  
  UnRAR.exe
- Size
  
  389KB
- MD5
  
  94c5560944829c37ee0cd05bdbad23e7
- SHA1
  
  fbae6415d3731d44b02eab2f2c1186d17e8a4c1b
- SHA256
  
  11a51c1659a94961ef90f9947964e8888b5d1015a7e8d10343046f1a24aff5be
- SHA512
  
  a5d490f3db52a64b19ea3d10bbeb6be9f123c184a51291ac850863e07088925558ee12937a6c4a943b5b0102232548c10b63ec08b3e4cf2ea33f6fcd79113e86
- SSDEEP
  
  12288:rozefBbBsOURojnWRfcfoQ7jj4KHFebkOC:rozefpnWRfcfn34KHFEkOC
Score

3^/10
behavioral6
- Target
  
  install-update.bat
- Size
  
  8KB
- MD5
  
  187bad422e1454bae2a9475b7f2a68ac
- SHA1
  
  e4b73bf638980e07baa4f274b2493f6126afa349
- SHA256
  
  34a4770f34291eead7a9758d34892b37edcc21241058be857d34761142bffdd9
- SHA512
  
  3c670fa1cec1215f8606db154b894c6b71e601b0a16683f35d1467d49142d77fc5edb468ea98ce492539aad08179edbf3ef630b5202696776bc60a58b36d0877
- SSDEEP
  
  192:M3Qb8AL3uYf4m7v899+dQEad5dZSsGTRLCN5:MAbV3uYf4yUjNbky5
Score

1^/10
behavioral7
- Target
  
  nzbget-command-shell.bat
- Size
  
  1KB
- MD5
  
  0d0236fbf398240a4ba5ff34f0e01d45
- SHA1
  
  c28bb6b7c98d10ce6e97942b659b8b7b01a77370
- SHA256
  
  7be2e40ef3ced04313995ea9caa9ad348319df46cea3cab40332cf9e1c389b06
- SHA512
  
  3cca63c6249fd4c5288122abbc37108bd568c3123d0a60cc1c55ecae067e398176118725fc0261dab4a7120ab18b4d153015fa033841afd62a046487dc86458e
Score

1^/10
behavioral8
- Target
  
  nzbget.exe
- Size
  
  3.8MB
- MD5
  
  33173bfe811ff42f36f8ceb6baaa56e9
- SHA1
  
  6d8e46a9898c311a2c976d705ad2615035495672
- SHA256
  
  5509e8f270a358c40928df864334d311a29bd8bc0807abbf667d65c0ae87564b
- SHA512
  
  da37938f0e771609efb3020a8e09ab43b6c0ae2076b8803ec96ef32c46ce43bbe0a409376893c76b25f5c47a4694b717a67976432e0055ee3b3e7042d04c7209
- SSDEEP
  
  49152:zGtlqpQVwASOLyo2P9XnzMGC5SVgMr3JkCMrdxK7AEbNXiNMIU6iFTbQm4DhHD2t:QC95orb4M+XN600
Score

3^/10
behavioral9

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Access Token Manipulation

T1134

Create Process with Token

T1134.002

Defense Evasion

Access Token Manipulation

T1134

Create Process with Token

T1134.002

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Executes dropped EXE

Loads dropped DLL

Checks installed software on the system

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9