General

  • Target

    NXYEdge.exe

  • Size

    6.6MB

  • Sample

    240716-k6hlmsvemn

  • MD5

    53d4fdeb8399179c42721b82d85a7038

  • SHA1

    ec8d3dd9c83de4b92b9830fc86a070ed23c2886a

  • SHA256

    96112951c9628ff19dd9be4dd43f48d236fded6f9a4383cd8547ccba12577ba9

  • SHA512

    1ef2cc1c7d8a3ee28d9a4130fde5ae63f7ada228a0b6866cacfa8a3a1ec97691cad5938775a754a378530c0eb1568e41c51dbb26b0e6c9063db25c1d3d6cc723

  • SSDEEP

    196608:/TxiIjOPy6ybJ1KGhOdFMkYLyL4g92OENYsLYR0:/TxiIj2WKGhO2yL4g92OE+sLYR0

Malware Config

Targets

    • Target

      NXYEdge.exe

    • Size

      6.6MB

    • MD5

      53d4fdeb8399179c42721b82d85a7038

    • SHA1

      ec8d3dd9c83de4b92b9830fc86a070ed23c2886a

    • SHA256

      96112951c9628ff19dd9be4dd43f48d236fded6f9a4383cd8547ccba12577ba9

    • SHA512

      1ef2cc1c7d8a3ee28d9a4130fde5ae63f7ada228a0b6866cacfa8a3a1ec97691cad5938775a754a378530c0eb1568e41c51dbb26b0e6c9063db25c1d3d6cc723

    • SSDEEP

      196608:/TxiIjOPy6ybJ1KGhOdFMkYLyL4g92OENYsLYR0:/TxiIj2WKGhO2yL4g92OE+sLYR0

    • Drops file in Drivers directory

    • Manipulates Digital Signatures

      Attackers can apply techniques such as changing the Authenticode and Cryptography registry keys so that their binary is treated as validly signed.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar profile data.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target

      $PLUGINSDIR/KillProcDLL.dll

    • Size

      4KB

    • MD5

      99f345cf51b6c3c317d20a81acb11012

    • SHA1

      b3d0355f527c536ea14a8ff51741c8739d66f727

    • SHA256

      c2689ba1f66066afce85ca6457ecd36370be0fe351c58422e45efd0948655c93

    • SHA512

      937aa75be84a74f2be3b54dc80fac02c17dad1915d924ef82ab354d2a49bc773ee6d801203c52686113783a7c7ea0e8ed8e673ba696d6d3212f7006e291ed2ef

    • Score

      3/10

    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      a436db0c473a087eb61ff5c53c34ba27

    • SHA1

      65ea67e424e75f5065132b539c8b2eda88aa0506

    • SHA256

      75ed40311875312617d6711baed0be29fcaee71031ca27a8d308a72b15a51e49

    • SHA512

      908f46a855480af6eacb2fb64de0e60b1e04bbb10b23992e2cf38a4cbebdcd7d3928c4c022d7ad9f7479265a8f426b93eef580afec95570e654c360d62f5e08d

    • SSDEEP

      192:aVL7iZJX76BisO7+UZEw+Rl59pV8ghsVJ39dx8T:d7NsOpZsfLMJ39e

    • Score

      3/10

    • Target

      $PLUGINSDIR/killer.dll

    • Size

      6KB

    • MD5

      16205cd992d3b3827573f93ab8923e4e

    • SHA1

      4eece7a206ee619264d686ca1b3021b9f482866b

    • SHA256

      967d66f23cf3d9d3e5a4d6a9c6e366e792a98cc8a293196095b10cd82da9a695

    • SHA512

      257b2047b8e9303457bb050a760b8d2577da55642e4fb02933e6188d0591ff8adfe0c8df2a441577466f23a8e3bff2e94e9cfcfc381c4d255935123996c06d6d

    • SSDEEP

      48:CRNdQ/SbTfx6gA6IMzLvM0Aoy3TYzyixX9o1TNRgPEgt/b82ebRuqSd7:mNGajxG+PWTwlSbpx

    • Score

      3/10

    • Target

      $PLUGINSDIR/nsDialogs.dll

    • Size

      9KB

    • MD5

      ab73c0c2a23f913eabdc4cb24b75cbad

    • SHA1

      6569d2863d54c88dcf57c843fc310f6d9571a41e

    • SHA256

      3d0060c5c9400a487dbefe4ac132dd96b07d3a4ba3badab46a7410a667c93457

    • SHA512

      99d287b5152944f64edc7ce8f3ebcd294699e54a5b42ac7a88e27dff8a68278a5429f4d299802ee7ddbe290f1e3b6a372a5f3bb4ecb1a3c32e384bca3ccdb2b8

    • SSDEEP

      96:EBABCcnl5TKhkfLxSslykcxM2DjDf3GE+Xv8Xav+Yx4MndY7ndS27gA:E6n+0SAfRE+/8ZYxldqn420

    • Score

      3/10

    • Target

      $PLUGINSDIR/nsExec.dll

    • Size

      6KB

    • MD5

      14f5984b926208de2aafb55dd9971d4a

    • SHA1

      e5afe0b80568135d3e259c73f93947d758a7b980

    • SHA256

      030bcfa82e3bb424835a5fa53a3ff17ab08557d3bbeea4815313036fc4bdafe1

    • SHA512

      e9ec97dd57ead871789d49ed38d9fde5f31d3cb2547810cae49a736e06b9f9b28cf8efea825eb83c3e07d880ee798abfb9069c6957416d5973c83e4531814e27

    • SSDEEP

      96:k7GUaYNwCLuGFctpiKFlYJ8hH4RVHpwdEeY3kRlDr6dMqqyVgNJ38:Wygp3FcHi0xhYMR8dMqJVgN

    • Score

      3/10

    • Target

      $TEMP/certmgr.exe

    • Size

      73KB

    • MD5

      d56b22e2495e4cb73aefe3faef046c93

    • SHA1

      383e9460d2426a98abfaad0e8dfca7dd436733c9

    • SHA256

      38fe38349068c264ff653c2d1d273f2a8154f0da485364d962b83f2a75bddb45

    • SHA512

      6d6213d6122d85171b910c392c717cd1a19d14f0b483accaf33f8677c841f92ccae4092fc47740a8a2a57098b68208416197c84b62ea41bd5790cf3c1b905dfa

    • SSDEEP

      1536:ZI4kDjGubbXp3aGePmImYw+WXsA9iYzv7AA18Cy/S:u4Ybbb5qxPmImt+WXsoD8Cy/S

    • Score

      1/10

    • Target

      NXYEdgeInput.exe

    • Size

      5.5MB

    • MD5

      b85f929d952a24f4cdafeadd840ae25e

    • SHA1

      96ef8ace7e53f43fd7817d02a05dfdda98b2c64d

    • SHA256

      1ae5cc383a4a34be3d0dbf4c8055a25ce2472b1d6e835f653b6df1828aaa29dc

    • SHA512

      e3afc5a2eb0e94a6f01d6f60b471181d41d883ef0d9b03d6236f1f547fcd3898432468a52beb15cc8a88ce3eee6e8ee01624adb4b3834c86748700340000c2f8

    • SSDEEP

      98304:co1yd/vl4r4h3D4Ug/3/jW+Yc/2ixfYOdV3UE6xdCielrBCJVOmZsmCk8xaMQYfl:cl/d4M3bg/3/jrROiZPMEiLJEmOmCTxv

    • Score

      7/10

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar profile data.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target

      NXYEdgeService.exe

    • Size

      355KB

    • MD5

      e7a6b7c8398b00a009eef67844539e72

    • SHA1

      9bf746c47b00df4ff4f4818010be0d6b16a7f5ad

    • SHA256

      76679bedf2c5959c700796902deea745bf3b567466216fcfaf12d8692b5c85a2

    • SHA512

      fd94a4f94051aa103db9077cf0c0a533811dd9f4c6046401a5bc4ffd93199f7cd6303237cb77dce0565ab35fdd2e78786b28e0aaad5b367db7750513b26a915b

    • SSDEEP

      6144:0L7a/neL1hvT45VRsHo3LKZQkQsKHYq2tTZsFf5DkKnoGptdue2N4awed280:Y4eL3U53sHuOQkQsKHH1znBtdun2awey

    • Score

      5/10

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target

      NXYPassGuardX.exe

    • Size

      1.0MB

    • MD5

      548f3296c90ceea8c85bab693f032093

    • SHA1

      b9d0aa44e47dc3784607c08d4aac47d23c3fcbc0

    • SHA256

      a0dfb5ee551c888a221b2763b67560e5032deaf78c448e9d699f97d7dbd248b3

    • SHA512

      35ce5962d50114682a1f7f62bbcdc83d4f6fa9e3d899df46b31d9575b24b3b202bf54bf199128069c5d03768898ef36737adeda42e5e1bdbc8b2b282afc34fc6

    • SSDEEP

      24576:qLPh4AjgcRov+reCJUcvVvCAyuHsJVvUwr+I1:qLPh4DjCeCDvF1lw56y

    • Score

      1/10

    • Target

      certmgr.exe

    • Size

      73KB

    • MD5

      d56b22e2495e4cb73aefe3faef046c93

    • SHA1

      383e9460d2426a98abfaad0e8dfca7dd436733c9

    • SHA256

      38fe38349068c264ff653c2d1d273f2a8154f0da485364d962b83f2a75bddb45

    • SHA512

      6d6213d6122d85171b910c392c717cd1a19d14f0b483accaf33f8677c841f92ccae4092fc47740a8a2a57098b68208416197c84b62ea41bd5790cf3c1b905dfa

    • SSDEEP

      1536:ZI4kDjGubbXp3aGePmImYw+WXsA9iYzv7AA18Cy/S:u4Ybbb5qxPmImt+WXsoD8Cy/S

    • Score

      1/10

MITRE ATT&CK Enterprise v15
