ca09bc895dc8a2d064c9627c83fb66de8224e85ef4988e04ea2416905c27d218

Resubmissions

06/08/2024, 23:46

240806-3sbv2sxhpg 7

Sharing

Copy URL Twitter E-mail

General

Target

NYX 4.5.zip
Size

9.0MB
Sample

240806-3sbv2sxhpg
MD5

52d5ebef8b441b82f87dcf928a382336
SHA1

e9bb0a4fdd23e5345b8d9eacd50f6eb2568f9271
SHA256

ca09bc895dc8a2d064c9627c83fb66de8224e85ef4988e04ea2416905c27d218
SHA512

978a08f42cfe71fec7cf314ea9e3f2cb10975fd040a3ed6442f4bb2ed44b0008048e1f7805e475b167c770d4ca3a1d0849442ba799749c77711a4f165189b90e
SSDEEP

196608:OFxkop4qGw8P3LGFqZSGrB51S5L/D6ayPiB8zPw4b:Tf7GEU4SD6LP3wq

Score

7^/10

Malware Config

Targets

- Target
  
  Guna.UI2.dll
- Size
  
  3.8MB
- MD5
  
  846a7e5993282e220b26b82e7a39a40a
- SHA1
  
  e37fe15d2fb33753c042e16d1d008d412e7d99e7
- SHA256
  
  5613682635617cd43720807448f69b10090932e8571a358b92361d2a2c7a4597
- SHA512
  
  fcf608391d7f8406bb538aca0e9dafb804cceda6c590dcd98d684645bc3bfc0c1d43455a74854988b4b30e56a68ef8be886e92e993f1504b49f0e4baa1c0cc0b
- SSDEEP
  
  24576:d1N5YmLfrTboUFM1dFqgWy/KKu7wG0Q/vtDyaBhTDs1l+zTdE+LHQ/jz4AN3KC:dLDoUFmagPKKu7wG0QHBTal+fa+PAv
Score

1^/10
behavioral1
- Target
  
  Nyx.exe
- Size
  
  1.3MB
- MD5
  
  c5cc05f8225d34986df5edb27110585f
- SHA1
  
  72153d746263fb06b4a09a4e4eefee7e564a1bdf
- SHA256
  
  f3ff153157252269e9c89d7d72e6d1f3fe70f65d37db7625a18c5b20c142adfc
- SHA512
  
  9510b3abcad016ef649820f5cae73938720a64550165ac0a91838c8eec7fa9c6a7526f5254143903ca35b07b2a8d0e3266276985749d9eff6866febae24ac9b5
- SSDEEP
  
  24576:mhc9oC1arhc9nC1athc9NY1w6tbZW/6cK45DnSrdiqQzxWMU3kGRpTCZggChc9:mho1arhd1athWcDbE6n4RScLfyXT2Ch
Score

3^/10
behavioral2
- Target
  
  autoexec/dark dex.txt
- Size
  
  645KB
- MD5
  
  3b197580bc3f733104cefb809baefedb
- SHA1
  
  6ab37d242167c1462be7df91cd3d6234f5e52d6d
- SHA256
  
  1dfba38f54830a63fe32c5f0c993bdaea6216716644cdd20fa6965566c30b44e
- SHA512
  
  1c383faaf26e90561eb0e69cfb9e87b4bff4f738d24ccdcb6ef984bd9b073ab0c333a41cc7bcc9ebecf67e92694388cb664956da66214e7ad77d3ef329267791
- SSDEEP
  
  6144:Avs1iT4p2ilg+ilbGXjI0QVpEkIQDEnE1TcO6qGqnGBsILk3RlZwLtv4/QM03XIo:Ks1iT4p2ilgOtv4YMRM
Score

3^/10

execution
behavioral3
- Target
  
  libcurl.dll
- Size
  
  557KB
- MD5
  
  bc4f7edf27ec19d796c2b9720a0d0711
- SHA1
  
  b7e49d641660d18c0977401e8b83cafa7475b2e9
- SHA256
  
  fd1facd293ffb60699ec797b8ff3553d3165f83d8e4f14ebbcfe3f3af87cb3cb
- SHA512
  
  e5deb07db01ee273a96e6684ab04bf425fedb0933f3f7db2eecfa3ae9e678fc1402bc1e7dc19fe0cb87f240af39f69d52f7003e84d809fd475d672f02a2a6d50
- SSDEEP
  
  12288:E/4zHAn7aOe5hR+e+VTXtz3m5+LIbaaDMhg2/FOhGteRl:TzAn7aZB+BBz38aaDMhg2/FOhGy
Score

1^/10
behavioral4
- Target
  
  monaco/Monaco.html
- Size
  
  47KB
- MD5
  
  d65261c2e83ae0319cb5e931d3cd813b
- SHA1
  
  b13189b8e6c82f9db00985483867e2ec27c99ccf
- SHA256
  
  520aa43d592bb8171d7cb015cdf6b8a2f5ae007be9a7a154c8f7c48b6f33b54a
- SHA512
  
  3e6e544d3947fa7b5a0391e84f6157b155f7a67cccff81b892a8d3c2f2303bf9003bf6ad3033df6cfcb809cf22a8208a8dbfb804a01d1b1b3def8322d14ababa
- SSDEEP
  
  768:TWi2Np6OXoy/21rxzD80kShCTrw4mkMXQnb1fqKTr5q4QVGQ6riAT+e3N9vnwJV3:d2Npdoy/21lkSMw4mkMXQnb1fqir5q4I
Score

3^/10

discovery
behavioral5
- Target
  
  monaco/NYXscriptdoc.html
- Size
  
  9KB
- MD5
  
  6e82bc5399815832088047710a99ed63
- SHA1
  
  9cc138cc30226950d3c41021bc36c426316e7acd
- SHA256
  
  6f04c59cf624a7c26ec563b26b1d0eec2beeea02b5fb2dbd64e865b2eb8165c4
- SHA512
  
  9cbfd385ec93a1c7e6f3c87efae3ea42da719f253bb0bc070e8491a214cb6919462e709a0fdcd1cb23d22f78569116478a033cda65159a0b40ca712e9100cdcb
- SSDEEP
  
  96:GCKL3WpH0VrADnyVBMc7BVf96firr/llTVFZbDGr3JY5B98PNhc:GCY60VnuORUqrjDTVnnnShc
Score

3^/10

discovery
behavioral6
- Target
  
  monaco/vs/base/worker/workerMain.js
- Size
  
  149KB
- MD5
  
  27ead90c7702154755785e0e53398755
- SHA1
  
  86b59485fe6f6ccb1805183fa75062a2ac1c859e
- SHA256
  
  bdf9433692a08851e13dd58504eef19f51bd2ec7241923a68edf5772e0e53af5
- SHA512
  
  6829681575179c90bb7817b17feee60e7d44d8abb15264ab39d7f0edf95dd1d030b99c12b005c753cd786c26ce6f17ff09b058c16f3363596f785e386ef78e82
- SSDEEP
  
  1536:XNSxrkwnz+dTHHfvYYdBwDZ2Ogvh52xgh2hQXIvTBaB7hU74Yc6aphU1PblosJEl:XzdTagJkb+6jFlJJEt9yjjTCD2zw
Score

3^/10

execution
behavioral7
- Target
  
  monaco/vs/basic-languages/lua/lua.js
- Size
  
  8KB
- MD5
  
  9cf08ada63c048e4e38c8816409ed958
- SHA1
  
  75a2564071cb1ff7c160d6ed385b9c32ed8a45df
- SHA256
  
  c171352021b601d49147f9c8a8b241ca0d8e905f79937164ac824ad2ff3f9ccc
- SHA512
  
  636e25d27ecd211b535845c7f7e5b546a5f50ccfa5d321d37fac0a155b6a001047f86bb5e514ee138efb82b88da6c3e4ea3db2a0bcf4918a274c9ff33145dd34
- SSDEEP
  
  96:SD3yDUnHWD5dyVLY7SvEFR88iqIZkQBZZMP4etFbhBuMCL8CvcOAtOfxBVkxMZlT:nDGHydyNY7SsfkFedmUtOfxQxjE
Score

3^/10

execution
behavioral8
- Target
  
  monaco/vs/editor/editor.main.js
- Size
  
  2.0MB
- MD5
  
  9399a8eaa741d04b0ae6566a5ebb8106
- SHA1
  
  5646a9d35b773d784ad914417ed861c5cba45e31
- SHA256
  
  93d28520c07fbca09e20886087f28797bb7bd0e6cf77400153aab5ae67e3ce18
- SHA512
  
  d37ef5a848e371f7db9616a4bf8b5347449abb3e244a5527396756791583cad455802450ceeb88dce39642c47aceaf2be6b95bede23b9ed68b5d4b7b9022b9c8
- SSDEEP
  
  24576:SmmBNDw4gCXJkB4nIg2IxhbaeZYIMsNjvit4f:wDw4gCXJk62+aeKIMsNjvit4f
Score

3^/10

execution
behavioral9
- Target
  
  monaco/vs/editor/editor.main.nls.de.js
- Size
  
  36KB
- MD5
  
  4d83bc1bced6f773423be6f939472cfe
- SHA1
  
  1b42889a7f580df9f7d399c33141d38548143ed1
- SHA256
  
  0dee462d5fb231f169f6cbc432465a43fd445c011fe650e29f5fb2bccc31eaae
- SHA512
  
  c53d522438767a15b5711099fee0acb62ff21289b62640d1a4823a90c8a7d8836bc932daae477d5188b1ba78c50c581284c4d7379efb532f37d356add97ac8e4
- SSDEEP
  
  768:jADv7LbgRyefe80QqYax/mZgb2ET1UZ0IMlYmz7w0hxH1N1Bg93RyFGAIDB7wZ9m:jADDx80QqYax/mmb2YLIEYmz7JhxH10D
Score

3^/10

execution
behavioral10
- Target
  
  monaco/vs/editor/editor.main.nls.es.js
- Size
  
  37KB
- MD5
  
  b371235f971baa51f58f123f40c4435a
- SHA1
  
  843d4a2d214c7d9da650cf4d0c6981ac1dab69c6
- SHA256
  
  203ff3591e02eb7b55a591e53919cc337f8dea73e6446fc3493227761c0794ba
- SHA512
  
  77d43490f1208dde16b6773551ea983cb2352455178ea0e3d4d4b2f2e05dc406cafae89738001d708b780b58882cf5448eb7a8d1c11aa7b8e87915a390da618a
- SSDEEP
  
  384:hwuiA9wZFjNzWZQz7uDlnDEuoKZvGrkEq1EhBR3H6Sg4eUz+JWCHcxS+S9SxS9tf:Y9ZCZQOtDZSj1XJS+S9SxS9tx78teB
Score

3^/10

execution
behavioral11
- Target
  
  monaco/vs/editor/editor.main.nls.fr.js
- Size
  
  40KB
- MD5
  
  d319e61fc6b357b9a5d8e3bbaa44ce3c
- SHA1
  
  b1539b082b2b8290f05dfe17d6fee3d64b2ec244
- SHA256
  
  7fde40b2b212d274617232de09452c6cb896e8a3c6b9e0b459f067cd07f31a99
- SHA512
  
  6ba80b90242dc55ecfa1678e7f8506ed9add4bf08067b125ba63d42b8e8e4455507a86369f6fac6c9d10565d083e7364d4fc79d62e9bd460fe49957c91f598e6
- SSDEEP
  
  768:HlKogi6Q3JbQWxxGmmrHeHPO10xSgGvJ1COIoJoZjbEMO9ms:Hl8KbQwKRavGJoZG
Score

3^/10

execution
behavioral12
- Target
  
  monaco/vs/editor/editor.main.nls.it.js
- Size
  
  38KB
- MD5
  
  a8855a662eb4d3a771fdab7ba6287def
- SHA1
  
  a78b57810ac8e9704e97897c6168f4140d2eadf7
- SHA256
  
  f67cec6dbf98c98c834638d20df53c5a770edada7f26ebf6d0b7dfec60f7a4ab
- SHA512
  
  1c03f8b243701870d8a17e5565da6c65c3f1d76dfb55c88cf68578a4754434a071565da9147e7c833de588a5907b5ece07e018dec52c79d9b2914c964a48a4b5
- SSDEEP
  
  768:4klNUuMam1xYhz2LyXSXBjlHtvnYyjMbRgD5SL2KAqI0UGmGfpspuoeu317K93Ph:5f0SL2KAqKKNpCi
Score

3^/10

execution
behavioral13
- Target
  
  monaco/vs/editor/editor.main.nls.ja.js
- Size
  
  41KB
- MD5
  
  a1f3c9e940206ca310147d644305a6e1
- SHA1
  
  005a8f7023b9d873962c7272203cc0c0d0ccc624
- SHA256
  
  ea9f5e8993017f858cd9ee70aac3d7990ca85eaf40a052025e530fb1c300837f
- SHA512
  
  f98ad1e4c127c3aa4a4ff2fa7ed2a65b5d32644211679e42d70aae03f9c0af1da7704061c28e95cbb25ad14745b1d086c9a49492119d0f97653a0b817823bc69
- SSDEEP
  
  384:hIDtFoY0u0ZAITlMRFG1yu9RwJUcQ8bo6CdXtK+c3YcnI+PjnN3H6Sg4dcRID9Dh:VW6RwJrQNdbc9N1aBDzTG7e2ZLlx/
Score

3^/10

execution
behavioral14
- Target
  
  monaco/vs/editor/editor.main.nls.js
- Size
  
  31KB
- MD5
  
  74dd2381ddbb5af80ce28aefed3068fc
- SHA1
  
  0996dc91842ab20387e08a46f3807a3f77958902
- SHA256
  
  fdd9d64ce5284373d1541528d15e2aa8aa3a4adc11b51b3d71d3a3953f8bcc48
- SHA512
  
  8841e0823905cf3168f388a7aeaf5edd32d44902035ba2078202193354caf8cd74cb4cab920e455404575739f35e19ea5f3d88eab012c4ebefc0ccb1ed19a46e
- SSDEEP
  
  384:h03CdtOurX25WyV1Vdf40CJjocZC6F7PKUvRjAaswHq9x3H6Sg4NFVlQlUDZpLjb:23mmysb1zVes3pxCSgwgwjhb
Score

3^/10

execution
behavioral15
- Target
  
  monaco/vs/editor/editor.main.nls.ko.js
- Size
  
  36KB
- MD5
  
  9ccf83d22e9a9bfafa2000f366ac47e6
- SHA1
  
  be61e121af1a363aa66d875f46e78562a603566e
- SHA256
  
  100ca482c015571ed9aad97c2dcc5e266b270a650ce892507443b5d4f32df64f
- SHA512
  
  3d68816994abff5c528610733cc729e91d390422c2ee2259dcef3cc4db9a599c1f3800f412259fe2f9a700bf2847b942a253986c011c659868bc9edaae6c2f16
- SSDEEP
  
  384:hS67TmO5oU1Yh4XK8ApE6/z2dHDNV1KiAaA+17tDDN3H6Sg4s/zKz8G3uyroDXYd:rmO5oGXrmi1zDB12zKzuyroKcNVk
Score

3^/10

execution
behavioral16
- Target
  
  monaco/vs/editor/editor.main.nls.ru.js
- Size
  
  56KB
- MD5
  
  fd1aa66906d2b3c0c9b734b17f04d73b
- SHA1
  
  299145469d5d5397a42274ccc908c865ebc46cfa
- SHA256
  
  fa180f7b77ee252aefe73ba5993fbe7c89f43482358d7fd32e8e2f50b3b21bed
- SHA512
  
  235c2ea1806c13dc0b85f06b5c9f2f811bd145968e2a0ad47c3fa1e063d408efc034dca7baf0b91942cc34e995d1274692c5556c2fb875dbb1054157da9c0132
- SSDEEP
  
  768:CXH0AKgvFBBK1ED81Z0LVdcan9oUxPr1TPgFuEFYPm/XftWZc:CXHXNtBBK1SLVdcan9oWPgFuEFYPm/d
Score

3^/10

execution
behavioral17
- Target
  
  monaco/vs/editor/editor.main.nls.zh-cn.js
- Size
  
  29KB
- MD5
  
  f954ac1091c6d0b640ed5f0abdcd8adb
- SHA1
  
  43e0d5e39910d124c384549df0b119ad1ebb12b3
- SHA256
  
  ac881e6f56544ed9b8dd4fd8fd8a73f1da864fb8d79d91c45f5a51f923bd5287
- SHA512
  
  8aff4877bf97ca29dfd5555fe5078ed3f05ac99c43f12c9b1c4d77ca11b1d040a81e0769c10a46a0bb32f3ffe72ae1a223faf5276d05a11f981aa7677e140c83
- SSDEEP
  
  768:FzMPbIhYBG5OcP2WyCzVsEJvjA1agnGMR:F8fcPN8Gw
Score

3^/10

execution
behavioral18
- Target
  
  monaco/vs/editor/editor.main.nls.zh-tw.js
- Size
  
  30KB
- MD5
  
  73031ff9956da03354038b3185222af8
- SHA1
  
  712cbf8027cae6c422490499538ec4a0928c6a78
- SHA256
  
  7751df224ac12dbc2e918b12fdbaa465306b6c511e4e1587790163edac18ad46
- SHA512
  
  48b80e78a6751ff58eb33ae92f3ad0e31d2e719d9dc9f4926db41e44f8ca9819cea7b657196f4f96c8a1291d57c59c70ffcd64cc9f8cdffc12bc6b5ff6c50e77
- SSDEEP
  
  768:pEOtM9oECeRbdFF0D1N+QZyzB0StZ4XUeqJ1wrv6Vl9YLz1/ewyOm:HXEJpdFF0xN+QyoUeqJ1wrv6Vl9Y8wo
Score

3^/10

execution
behavioral19
- Target
  
  monaco/vs/loader.js
- Size
  
  27KB
- MD5
  
  8a3086f6c6298f986bda09080dd003b1
- SHA1
  
  8c7d41c586bfa015fb5cc50a2fdc547711b57c3c
- SHA256
  
  0512d9ed3e5bb3daef94aa5c16a6c3e2ee26ffed9de00d1434ffe46a027b16b9
- SHA512
  
  9e586742f4e19938132e41145deec584a7b8c7e111b3c6e9254f8d11db632ebe4d66898458ed7bcfc0614d06e20eb33d5a6a8eb8b32d91110557255cf1dbf017
- SSDEEP
  
  768:3J6C/c2x0cAu57XQxJRDRi+R/TvrCv3zM2GRl0VEj:Z6grH7qTXRvmDI
Score

3^/10

execution
behavioral20
- Target
  
  nyxplayerbeta.exe
- Size
  
  5.5MB
- MD5
  
  da43034f1e6f44e037fbbe0b04a6488c
- SHA1
  
  d4afae73f16f903b4555143df7808dc68e7af276
- SHA256
  
  300ab1908f1709de695eaee41f649237c9d5df88d1c74592fb201d84710f49ee
- SHA512
  
  e08e91c07bef146510b7d0140772aa4ba3a0b9ed6d265a6d2e5120082c7c272017e2e4e9086a1b5555011d7dbee7001f91ff6fdfccdb4acb18c70f1d2b9d40b8
- SSDEEP
  
  98304:RmMAJI4pAG6k7/UqtXZAQaAbqD5UaXf3JfEsYeMRVJaujCf5RP7Mt2r6Sac9n:8MAJnpAh872pvJfEUwpCPQQr6Pc9
Score

7^/10

vmprotect
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral21
- Target
  
  scripts/Infinite yield.lua
- Size
  
  632KB
- MD5
  
  317fec7c823a6ba4ad613220b587a0e8
- SHA1
  
  3884e8a9a9122e7912c76c919f20c1b9d274f505
- SHA256
  
  5573cc6f439511c5ec73b0c88af87bce49cac37475aa32da5b75b931f632a3dc
- SHA512
  
  d5adc2137051ab321197d0a2261ab991f5bf16e0271485c64b66679d863efb58191fe269fc40aa39feefd380b28d33168a6910b7ec40dedd2974e6d1d2db0bad
- SSDEEP
  
  12288:fyXiPr7Gja8LsZuN6nQRXONQDKZsjOCBkVgfgLcbVgBe28Vk9Gm1OvClEjmD1Szi:fyXiPr7Gja8LsZuN6nQRXONQDKZsjOC0
Score

3^/10

execution
behavioral22
- Target
  
  scripts/dark dex.txt
- Size
  
  645KB
- MD5
  
  3b197580bc3f733104cefb809baefedb
- SHA1
  
  6ab37d242167c1462be7df91cd3d6234f5e52d6d
- SHA256
  
  1dfba38f54830a63fe32c5f0c993bdaea6216716644cdd20fa6965566c30b44e
- SHA512
  
  1c383faaf26e90561eb0e69cfb9e87b4bff4f738d24ccdcb6ef984bd9b073ab0c333a41cc7bcc9ebecf67e92694388cb664956da66214e7ad77d3ef329267791
- SSDEEP
  
  6144:Avs1iT4p2ilg+ilbGXjI0QVpEkIQDEnE1TcO6qGqnGBsILk3RlZwLtv4/QM03XIo:Ks1iT4p2ilgOtv4YMRM
Score

3^/10

execution
behavioral23
- Target
  
  workspace/6af56c1753ac6679dee3acbd1fd952e5-cache.lua
- Size
  
  238KB
- MD5
  
  32ce7557096342c682aac480112aafd6
- SHA1
  
  4c33bb2256f545fbf40359f41dfb540c974e2b10
- SHA256
  
  2cb7324550728278213bceebba34264156d88dee67c7752251579554ac54c388
- SHA512
  
  d8cdc0f57ab1af990d01bc75f6d1d98c4ff90e448a35cce24208fa3bad335dbc038fd47d85c20ad45b3c62d11e80a9ef76eec8a6feff9bcf2ae778fa22271f97
- SSDEEP
  
  6144:sba6e7Zp73QJ8Y2EMimuHShSVFN3tW40AgxzE/4dD:sbje7njm1MimEfN3tnEEM
Score

3^/10

execution
behavioral24
- Target
  
  zlib1.dll
- Size
  
  88KB
- MD5
  
  bbe6279fb38491bf48a7706d3e1c6920
- SHA1
  
  4f7eb9112a1b9ac0450e8a073dada76c054b788c
- SHA256
  
  a8d39de9ea169c332a978679bf6aba9a5984088d1bcb1bd0a0eb2a888b4f49b8
- SHA512
  
  b79936168200dd1590e7de9dc3af78d5528b71f827f74976e3095f8625081dfd44208936af0bc205597b0222d246cd93f3d4bc887eca93666f76624c5cfb9f21
- SSDEEP
  
  1536:wrCl5V5lEwda1RnSbFfbpYwayRyivl97AKIOcIOZvyKrrvXA2ZjSmTEU:QcV5lEwUbShbpbaCpvoYSZvZ/vXA2Zee
Score

1^/10
behavioral25

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Targets

VMProtect packed file

Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25