Overview (score 9)

Tasks and scores:
Static (score 3)
Nexus v1.13.exe, windows7-x64 (score 7)
Nexus v1.13.exe, windows10-2004-x64 (score 9)
$PLUGINSDI...ls.dll, windows7-x64 (score 3)
$PLUGINSDI...ls.dll, windows10-2004-x64 (score 3)
$PLUGINSDI...em.dll, windows7-x64 (score 3)
$PLUGINSDI...em.dll, windows10-2004-x64 (score 3)
$PLUGINSDIR/app-64.7z, windows7-x64 (score 3)
$PLUGINSDIR/app-64.7z, windows10-2004-x64 (score 3)
locales/pt-BR.pak, windows7-x64 (score 3)
locales/pt-BR.pak, windows10-2004-x64 (score 3)
locales/pt-PT.pak, windows7-x64 (score 3)
locales/pt-PT.pak, windows10-2004-x64 (score 3)
locales/ro.pak, windows7-x64 (score 3)
locales/ro.pak, windows10-2004-x64 (score 3)
locales/ru.pak, windows7-x64 (score 3)
locales/ru.pak, windows10-2004-x64 (score 3)
locales/sk.pak, windows7-x64 (score 3)
locales/sk.pak, windows10-2004-x64 (score 3)
locales/sl.pak, windows7-x64 (score 3)
locales/sl.pak, windows10-2004-x64 (score 3)
locales/sr.pak, windows7-x64 (score 3)
locales/sr.pak, windows10-2004-x64 (score 3)
locales/sv.pak, windows7-x64 (score 3)
locales/sv.pak, windows10-2004-x64 (score 3)
locales/sw.pak, windows7-x64 (score 3)
locales/sw.pak, windows10-2004-x64 (score 3)
locales/ta.pak, windows7-x64 (score 3)
locales/ta.pak, windows10-2004-x64 (score 3)
locales/te.pak, windows7-x64 (score 3)
locales/te.pak, windows10-2004-x64 (score 3)
locales/th.pak, windows7-x64 (score 3)
locales/th.pak, windows10-2004-x64 (score 3)

General
Target: Nexus v1.13.exe
Size: 84.1MB
Sample: 240806-vecw7avakq
MD5: d42008804e9444ebeac1b6eba11caf9e
SHA1: 88353364dd0805e3343bef98e271df3ee9aaf8c2
SHA256: 387ceccdce7de1fcdcc5115318f41ee384c231ee914695f507081f5afc712f94
SHA512: ee00e770f9b99338c41f507201308e4afed6dbf35c0d9ec4b40b6f0159720217f040a16dfa44a79ce864122f27286e142ba3e2f37daf30e763798c2b1a9e9408
SSDEEP: 1572864:/4gPXMonJ0mayv/nuSNq89JMHRM8awNPET+tbwYuK6a/bmLTBf7:/4AcaGmz/nuSNq89JMxKwm+tXH/zmLT9
Tasks

static1: static task
behavioral1: Nexus v1.13.exe, resource win7-20240704-en
behavioral2: Nexus v1.13.exe, resource win10v2004-20240802-en
behavioral3: $PLUGINSDIR/StdUtils.dll, resource win7-20240705-en
behavioral4: $PLUGINSDIR/StdUtils.dll, resource win10v2004-20240802-en
behavioral5: $PLUGINSDIR/System.dll, resource win7-20240729-en
behavioral6: $PLUGINSDIR/System.dll, resource win10v2004-20240802-en
behavioral7: $PLUGINSDIR/app-64.7z, resource win7-20240708-en
behavioral8: $PLUGINSDIR/app-64.7z, resource win10v2004-20240802-en
behavioral9: locales/pt-BR.pak, resource win7-20240708-en
behavioral10: locales/pt-BR.pak, resource win10v2004-20240802-en
behavioral11: locales/pt-PT.pak, resource win7-20240704-en
behavioral12: locales/pt-PT.pak, resource win10v2004-20240802-en
behavioral13: locales/ro.pak, resource win7-20240705-en
behavioral14: locales/ro.pak, resource win10v2004-20240802-en
behavioral15: locales/ru.pak, resource win7-20240729-en
behavioral16: locales/ru.pak, resource win10v2004-20240802-en
behavioral17: locales/sk.pak, resource win7-20240704-en
behavioral18: locales/sk.pak, resource win10v2004-20240802-en
behavioral19: locales/sl.pak, resource win7-20240704-en
behavioral20: locales/sl.pak, resource win10v2004-20240802-en
behavioral21: locales/sr.pak, resource win7-20240705-en
behavioral22: locales/sr.pak, resource win10v2004-20240802-en
behavioral23: locales/sv.pak, resource win7-20240729-en
behavioral24: locales/sv.pak, resource win10v2004-20240802-en
behavioral25: locales/sw.pak, resource win7-20240704-en
behavioral26: locales/sw.pak, resource win10v2004-20240802-en
behavioral27: locales/ta.pak, resource win7-20240705-en
behavioral28: locales/ta.pak, resource win10v2004-20240802-en
behavioral29: locales/te.pak, resource win7-20240729-en
behavioral30: locales/te.pak, resource win10v2004-20240802-en
behavioral31: locales/th.pak, resource win7-20240704-en
behavioral32: locales/th.pak, resource win10v2004-20240802-en
Malware Config

Targets

Target: Nexus v1.13.exe
Size: 84.1MB
MD5, SHA1, SHA256, SHA512 and SSDEEP: identical to the values listed under General above.

Signatures triggered by this target:
- Credentials from Password Stores: Credentials from Web Browsers. Malicious access to, or copy of, a web browser credential store.
- Checks computer location settings. Looks up the country code configured in the registry, likely a geofence.
- Clipboard Data. Adversaries may collect data stored in the clipboard from users copying information within or between applications.
- Drops startup file.
- Executes dropped EXE.
- Loads dropped DLL.
- Adds Run key to start application.
- Legitimate hosting services abused for malware hosting/C2.
- Looks up external IP address via web service. Uses a legitimate IP lookup service to find the infected system's external IP.
- Drops autorun.inf file. Malware can abuse Windows Autorun to spread further via attached volumes.
- Drops file in System32 directory.
- Enumerates processes with tasklist.
- Hide Artifacts: Hidden Files and Directories.
Target: $PLUGINSDIR/StdUtils.dll
Size: 100KB
MD5: c6a6e03f77c313b267498515488c5740
SHA1: 3d49fc2784b9450962ed6b82b46e9c3c957d7c15
SHA256: b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e
SHA512: 9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803
SSDEEP: 3072:WNuZmJ9TDP3ahD2TF7Rq9cJNPhF9vyHf:WNuZ81zaAFHhF9v
Score: 3/10

Target: $PLUGINSDIR/System.dll
Size: 12KB
MD5: 0d7ad4f45dc6f5aa87f606d0331c6901
SHA1: 48df0911f0484cbe2a8cdd5362140b63c41ee457
SHA256: 3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca
SHA512: c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9
SSDEEP: 192:1enY0LWelt70elWjvfstJcVtwtYbjnIOg5AaDnbC7ypXhtIj:18PJlt70esj0Mt9vn6ay6
Score: 3/10

Target: $PLUGINSDIR/app-64.7z
Size: 83.8MB
MD5: 50746b31f5f0b90e672319971c496c7f
SHA1: 19209ae6e7247d65da23e7542d9b798fd4325fd3
SHA256: 77ee7acb3caae53a527c032a0de39af01ef972df997285155328297c45dfa69f
SHA512: 791c4df154950315995ccb33d3b8d664c163d22b8ae84e6b52159f6d6eca22de304dfed3bea5fea397a835960b390a229e78ed6e3287160bcc793bbba574ef52
SSDEEP: 1572864:T4gPXMonJ0mayv/nuSNq89JMHRM8awNPET+tbwYuK6a/bmLTBJ:T4AcaGmz/nuSNq89JMxKwm+tXH/zmLTT
Score: 3/10

Target: locales/pt-BR.pak
Size: 490KB
MD5: 53d5fb849c9bab70878b3e01bffad65a
SHA1: e72af1a76539e66cef4a4eef5844b067a4e1a79f
SHA256: 40dd24c5e225ed941bbaab3dcfefa993e39fbc75a1798f4f6e06424956698ac5
SHA512: 55357643d789d2eed72e009f08f72ba4895ba455ca00c8347a3c3790e43f8d7e4625feda438ecac840bdc52c26d2135d89bea693b61a293922b6056bde6b4516
SSDEEP: 6144:OrUbPq56NTyytNBXBLilIyMyE15aKJutiOsRhkxCp:Or6C5FyT5hJKsRKxM
Score: 3/10

Target: locales/pt-PT.pak
Size: 492KB
MD5: 0237374730fa1a92dec60c206d7df283
SHA1: 62dbbd855d83ef982a15c647b5608dafb748745a
SHA256: 2fb2fd2e32b952dcbc8914f9d3aaf02bf2750b72abfee2e8b2bb08062ddd9934
SHA512: 63ec4ec44002724e22703a3bd952d1ff4062b367c4f5e3f106349bd226ad1317bef2e371fda0e099ea5c0afd32a9d2c1246c93c18d73dccf8fc2c1644a6fb6b2
SSDEEP: 6144:f3O/2bF2ozwfieJVJJxhoN4lCOfVY35NKimSRri:f+/2x2od35NKtSR2
Score: 3/10

Target: locales/ro.pak
Size: 510KB
MD5: 4e692489e2ae74a4a11ca0a113048f15
SHA1: cb2b80217d5372242d656ac015c024fe1e5e77b7
SHA256: 4a2a305668f1926cfe4bb72e8fbfde747c83ac4dd9cf535c13ae642d0b96fb79
SHA512: 8ad9e0a79137a862def24d6963536e75b87bb71ab74dbdd43531c5c95ddd3cd834f22c6a8e3a1e03aad35ade65ecd227d5101b5be3ce3f0b7b471f5136cfd77c
SSDEEP: 6144:F5F0NqPzpwXg7XTLb/7FSmo/xOfinKdoGN5PBoC1s2e/m7O3:SI0g7XTL/FSmo5OqKdN5pop/53
Score: 3/10

Target: locales/ru.pak
Size: 836KB
MD5: 1a9b38ec75ccfa3214bef411a1ae0502
SHA1: de81af03fff427dfc5ffe548f27ed02acae3402d
SHA256: 533f9e4af2dce2a6e049ac0eb6e2dbf0afe4b6f635236520aee2e4fa3176e995
SHA512: 05cf20aea71cdd077b0fa5f835812809ad22c3dbebc69e38ab2c9a26ad694ab50d6985aec61633b99713e7f57408c1c64ce2fb9ccdac26661b7167853bdd6148
SSDEEP: 12288:2oZ3aknfQjRo4YS7yMh/KgNzJ9fx+aAka2qSGsN8zqcnYH8eXN2hPO3j/zpbzvMX:hZ3GR/5X6Eq
Score: 3/10

Target: locales/sk.pak
Size: 526KB
MD5: f117e58e6eb53da1dbfa4c04a798e96f
SHA1: e98cee0a94a9494c0cfc639bb9e42a4602c23236
SHA256: b46db20eeba11f8365296b54469fdd001579852dc1d49a01fc59d2a8bcf880a3
SHA512: dea792a63e0557d9e868c0310ec2a68b713daf5cf926389e05a0885cdb05433d20f35d087de269f9584795da50600966b8ff5dd95583861443a1e90564a89793
SSDEEP: 12288:zF2oXDdqsGk2Rspyzir+e/5CvHLg3HXLPxt9R:EoXDdqshpyk/5uLIltD
Score: 3/10

Target: locales/sl.pak
Size: 506KB
MD5: 435a2a5214f9b56dfadd5a6267041bd3
SHA1: 36bbc7ca3d998bfb1edc2ff8a3635553f96ca570
SHA256: 341c33514c627501026c3e5b9620cf0d9f482ab66b10a7e0fb112c7620b15600
SHA512: 55271935e18ac27c753431af86a7dcd1f4a768adef1b593ba8e218da34856a5f9faf9819a3ecce3f21f0607ba95100c5cb18cd1a7138ec563090d0391ad5b52d
SSDEEP: 6144:Gbsq8+s/u07QLr32zTMSB29i2iM8nnbrNjSdum4ocyxPbPD+DTubVmavfDszt5T0:sLWroSB2T+E+p578c0JHjcGi/fzzCqc
Score: 3/10

Target: locales/sr.pak
Size: 780KB
MD5: 8f58b2463e8240ef62e651685e1f17d8
SHA1: 6c9f302aed807a67f6b93bcb79577397a5ad3cf7
SHA256: 5a55320d6953efb5b565893e32e01f6dae781a16460df5502c8ba012c893edfd
SHA512: 6076d43a73d5fa5192cbe597e018b268cfdc7efb94a6cb45dad5b0da9c3abf68aaf2ea06f3ad650b28a993605917b6d356339d79f8dd6962d2c40dbf4653ef83
SSDEEP: 12288:qCIVob4zA74dHLYbeHIdN4SGdEDWeUnLYA1785sXMx5xMd8G37gjemS/k/C:ZSe41A0x85nxQP
Score: 3/10

Target: locales/sv.pak
Size: 454KB
MD5: e4c9ced1a36ea7b71634e4df9618804f
SHA1: c966c8eb9763a9147854989ea443c6be0634db27
SHA256: e5cccdb241938f4a6b9af5a245abe0e0218c72e08a73db3ed0452c6ddfb9c379
SHA512: d07a4d62f22a1830d3ec44f0c347e4a7d70b35ceba126cbdc246a7b3ee7eda85e2338bab3edc7223f579964868136bb10d42c05e0e0ff9f73447b3606d9b2c4e
SSDEEP: 6144:kcCDD/pC1z11OBIrkn554FwxZf1Chn4RFcmi8G96iMXSOwDE/xWcqVR5sW7Y5FcJ:vecXwIrLFy+5E5FcJ
Score: 3/10

Target: locales/sw.pak
Size: 479KB
MD5: 59ff4e16b640ef41100243857efdd009
SHA1: f712b2d39618ffadcf68d1f2ab5a76da5be14d74
SHA256: c18a209f8ec3641c90ea8ced5343f943f034e09c8e75466e24dcabc070d08804
SHA512: 0e721a6cbf209ac35272ad292b2e5000d4e690062ddb498dbf6e8e6ee5f6e86d034a7303a46c2b85750245381c78efafc416ead13c1fe0ee5ec6088dd66adca2
SSDEEP: 12288:/wmIzbIcvt54uCERdyU7bQg8Wo97pJ8zvgu352ub95Z4sKPe/BrufA:/azl5Bn
Score: 3/10

Target: locales/ta.pak
Size: 1.2MB
MD5: 5f80c9da0c09491c70123581a41f6dad
SHA1: 3fc9560a954271cf09aaa54eec34963c72c06e85
SHA256: 30658d99d753946e9c9c02094c89be25b710db77251df6cd1a8839c29de5f884
SHA512: 072c5db7fe1eb9e6c270d0e9b439cf84ebb3dc374d4f01f01f9341030883f2d6d9c6970fb6ef14bf96fccb51eade9ca762f396f89ba1d3df1230dda68557fd4a
SSDEEP: 6144:GeTVtPcVpmT9Yvh54P5TzotR1cA25tm1vYpiMyy:nViVITqzy5TzccA25tm1vYpiMyy
Score: 3/10

Target: locales/te.pak
Size: 1.1MB
MD5: 17b858cf23a206b5822f8b839d7c1ea3
SHA1: 115220668f153b36254951e9aa4ef0aa2be1ffc4
SHA256: d6180484b51aacbf59419e3a9b475a4419fb7d195aea7c3d58339f0f072c1457
SHA512: 7b919a5b451ec2ba15d377e4a3a6f99d63268e9be2865d674505584eed4fa190eaae589c9592276b996b7ce2fdfae80fda20feff9ea9adbb586308dfd7f12c2a
SSDEEP: 12288:/jAoZvA07McKNnCRWtgd49+agb0DQWp5B63p1Fm6OiTlC2pFg+NFqUZrOIoXAoIm:s5G35xM/1
Score: 3/10

Target: locales/th.pak
Size: 964KB
MD5: 4917873d8118906bdc08f31afb1ea078
SHA1: 49440a3b156d7703533367f8f13f66ec166db6e9
SHA256: d051b400096922089f6daa723fac18c9640ba203b2879aac4ca89b05738dd32d
SHA512: 30e6446bad54b86be553fa293c7a92ec221adb54b99624ed69702df75347a98697158041a45f77ece4e7ed0fda41306ef21eb27981f24f0a4e42e8306175a88e
SSDEEP: 12288:OgFN2HN9LyZYA1T6z1L/LLftDjsAnILwgv1V5UBGsL3fBj8BlzEdq3Ro9lGdI9uN:OgFYdK5J5j
Score: 3/10
MITRE ATT&CK Enterprise v15 (technique, then sub-technique, with the number of matching signatures in parentheses)

Execution
- Command and Scripting Interpreter (1): PowerShell (1)
- Scheduled Task/Job (1): Scheduled Task (1)

Persistence
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
- Event Triggered Execution (1): Netsh Helper DLL (1)
- Scheduled Task/Job (1): Scheduled Task (1)

Privilege Escalation
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
- Event Triggered Execution (1): Netsh Helper DLL (1)
- Scheduled Task/Job (1): Scheduled Task (1)

Defense Evasion
- Hide Artifacts (2): Hidden Files and Directories (2)
- Modify Registry (1)

Credential Access
- Credentials from Password Stores (1): Credentials from Web Browsers (1)
- Unsecured Credentials (1): Credentials In Files (1)