General

  • Target

    NirLauncher.exe

  • Size

    25.9MB

  • Sample

    240721-g8m3csvhmd

  • MD5

    9e717d7865685c6036aee52d0efffdb4

  • SHA1

    dbe99d5f3678b4d6f9c5ce7896096ef24287cf72

  • SHA256

    9930d0ce01c00f577f3b40e9773d0ba3f55c41c7e876f984446d2ed756d258be

  • SHA512

    e183d4ed79da1e8b8d7071907b3682d999d7cfbe78b4a83e85a48ccb9e8850be93895652fcdde06c9a981c09906107a2b43bbb141b64a78efd236505c63423de

  • SSDEEP

    786432:NTxnq643jmn2/pZSzxExqwmNVQNCjKfrOT/YZ2VrePUN:hUOn2/mKgXgC2zaYZX8N

Score
9/10
upx

Targets

    • Target

      NirLauncher.exe

    • Detected Nirsoft tools

      Free utilities often used by attackers which can steal passwords, product keys, etc.

    • NirSoft MailPassView

      Password recovery tool for various email clients

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.
