General

  • Target

    token_nuker.py

  • Size

    16KB

  • Sample

    240712-qm487axekd

  • MD5

    8f6acb558baf76756877669016fae4a8

  • SHA1

    a2bf2895dc52bfa29218390b22a25cc0da4c57b2

  • SHA256

    c3c41499ebd28d30d94eee1a0ebeb40e28c855f2501dc9f06b93af8fff6ae1a1

  • SHA512

    b82907acb1c3f178ea331d102438436386cf3fd4466c02cb2cdd7cadc4e109536c2b2132e6153d2c93519192553b327a5e3d14741df70e7dac99c2fe1ec4d447

  • SSDEEP

    96:5Qm5VfIj6lYY545ekQo1QG/7ZYoVQG/7wOdoVQG/7ZLz1ef9EC:qmo84ioKGmoqGRdoqGtz1eWC

Malware Config

Targets

    • Target

      token_nuker.py

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Blocklisted process makes network request

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.
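The signatures above are behavioural, so a practitioner re-checking a run wants to see which trace events each one rests on. The block below is an added example for this page, not code from the sample, the sandbox, or the MITRE mapping: it parses a constructed API-trace in a hypothetical "pid api arg1|arg2" format (the real sandbox export format differs) and maps the calls to the report's signature names. The Win32 API names are real, but the trace lines, paths and PIDs are made up. One caveat it encodes: Sysmon records registry key creation, deletion and value writes but not reads, so "Checks installed software" (reads of Uninstall keys) needs an API-level trace like this one, while "Adds Run key" would also be visible in Sysmon Event ID 13.

```python
"""Map API-trace lines to the behaviour signatures listed in this report.

Added example for this page; not the sample's code and not the sandbox's own
detection logic. The trace format and every line in TRACE are constructed.
"""
import re
from collections import defaultdict

# Constructed trace (hypothetical "pid api arg1|arg2" format, not real data).
TRACE = """\
1200 RegOpenKeyExW HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall
1200 RegEnumKeyExW HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall|Discord
1200 RegEnumKeyExW HKLM\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall|7-Zip
1200 GetDriveTypeW C:\\
1200 FindFirstFileW D:\\*
1200 FindFirstFileW E:\\*
1200 URLDownloadToFileW http://example.invalid/update.exe|C:\\Users\\u\\AppData\\Local\\Temp\\update.exe
1200 URLDownloadToFileW http://example.invalid/helper.dll|C:\\Users\\u\\AppData\\Local\\Temp\\helper.dll
1200 CreateProcessW C:\\Users\\u\\AppData\\Local\\Temp\\update.exe
1340 LoadLibraryW C:\\Users\\u\\AppData\\Local\\Temp\\helper.dll
1340 RegSetValueExW HKCU\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\Update|C:\\Users\\u\\AppData\\Local\\Temp\\update.exe
1340 RegSetValueExW HKCU\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Hidden|1
"""

# Registry reads of the Uninstall hive (either view) -> installed-software enumeration.
UNINSTALL_KEY = re.compile(r"\\CurrentVersion\\Uninstall(\\|$)", re.IGNORECASE)
# Value writes under Run / RunOnce -> autostart persistence.
RUN_KEY = re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)
# Root path of any drive letter except C:, with or without a "*" search pattern.
NON_C_ROOT = re.compile(r"^[A-BD-Z]:\\\*?$", re.IGNORECASE)

REG_READ = {"RegOpenKeyExW", "RegOpenKeyExA", "RegEnumKeyExW", "RegEnumKeyExA",
            "RegQueryValueExW", "RegQueryValueExA"}
REG_WRITE = {"RegSetValueExW", "RegSetValueExA"}
ROOT_PROBE = {"GetDriveTypeW", "GetDriveTypeA", "FindFirstFileW", "FindFirstFileA",
              "CreateFileW", "CreateFileA"}
DOWNLOAD = {"URLDownloadToFileW", "URLDownloadToFileA"}


def parse(trace):
    """Turn trace text into (pid, api, [args]) tuples; args are '|'-separated."""
    events = []
    for line in trace.splitlines():
        if not line.strip():
            continue
        parts = line.split(" ", 2)
        args = parts[2].split("|") if len(parts) > 2 else []
        events.append((int(parts[0]), parts[1], args))
    return events


def analyze(events):
    """Return {signature name: [evidence]} for the signatures expressible here."""
    hits = defaultdict(list)
    downloaded = set()  # files written by a download API, lower-cased paths
    for _pid, api, args in events:
        target = args[0] if args else ""
        if api in REG_READ and UNINSTALL_KEY.search(target):
            hits["Checks installed software on the system"].append(target)
        elif api in REG_WRITE and RUN_KEY.search(target):
            value = args[1] if len(args) > 1 else ""
            hits["Adds Run key to start application"].append(f"{target} = {value}")
        elif api in ROOT_PROBE and NON_C_ROOT.match(target):
            hits["Enumerates connected drives"].append(target)
        elif api in DOWNLOAD and len(args) == 2:
            downloaded.add(args[1].lower())
        elif api in ("CreateProcessW", "CreateProcessA") and target.lower() in downloaded:
            hits["Executes dropped EXE"].append(target)
        elif api in ("LoadLibraryW", "LoadLibraryA") and target.lower() in downloaded:
            hits["Loads dropped DLL"].append(target)
    return dict(hits)


def report():
    """Run the mapping over the constructed trace."""
    return analyze(parse(TRACE))


if __name__ == "__main__":
    for name, evidence in report().items():
        print(name)
        for item in evidence:
            print("   ", item)
```

The Explorer value write in the last trace line is there as noise: it is a registry write by the same process but not under Run, so it is correctly ignored, and the C:\ probe is excluded because the signature is defined as drives other than C:. Dropped-file execution is keyed on paths previously written by a download API; a real trace would also need WriteFile/CreateFile-with-write tracking to catch files the sample writes itself.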

MITRE ATT&CK Enterprise v15

Tasks