0cfd9e20af262ce9eaffa58b5deb15a454159adcf682b24d96bab8cccc89d64d | Triage

Sharing

General

Target

nikymetaa.rar
Size

59.1MB
Sample

240808-2raqxs1gpm
MD5

ef05e1e155d977f4b9c3c0ed4413d209
SHA1

59be66a9aa95701b69368f4148f8a8920a918aa6
SHA256

0cfd9e20af262ce9eaffa58b5deb15a454159adcf682b24d96bab8cccc89d64d
SHA512

f150ef1f692cf6bf98584ab99b1edc511ecc1b341b760ff85ccd2ab13bbbc0125bbdb8fea09bb7f9aff3e1e0ca7019abba6d747a44516e255d1ff0d0edeccc29
SSDEEP

1572864:JhXKPrKaNPbLQEppZ7YKUcoEx0lDG/T4jrS1n2rgbjF8zJtjs:faT9uEJMKUcoEDJ12eIjs

Score

7^/10

execution

Malware Config

Targets

- Target
  
  bin/NIKYMETAA-luau.dll
- Size
  
  1.3MB
- MD5
  
  083b9c34f5b8b2f815fbc8425410a387
- SHA1
  
  b6cb99d2a70397a8a761739d682dfdcc4a6419bf
- SHA256
  
  d9c0807f3fdca38e0c5a1a8aa1b7ed5b653d212e0b0c8644756e4082001f5e20
- SHA512
  
  c279078c6d9596128d04b04302dd45a8600b94633f6a7c9e89d8811f35655c99b2fa1b8bca7d806382d91a17d834ab5d82cdb546cf2e6e3fb5a11c055fb1e40f
- SSDEEP
  
  24576:ZqBSLRktEBl6blwTUMD4zB1VU2bFjYWR0pMQUAqLRAovh4bSAXVVRNRfM+Zl:ZqBSLRkt8l6blSU//+2bFfvA1SQVVRN5
Score

1^/10
behavioral1 behavioral2
- Target
  
  bin/save.json
- Size
  
  544KB
- MD5
  
  b6a40d54876c54eee6c0b4f92d3d3fcf
- SHA1
  
  a05de895634f92e7183dd681c7403fe8a8683b2f
- SHA256
  
  f5812f237b8f3651c63556dda905991b15df2cf9e0c9e71b5ee5883117cd9089
- SHA512
  
  20345d0a6bd3903689e1afb297867d9d9c4abeb6b580d03ed41641de29583a41412671623fe1ac5d593016a72e1918a62ac3be25c55e7d5ffd36d29bd0337bdc
- SSDEEP
  
  6144:d6fw72vJ95FERxz19Bp/OtR/Oae16MZUEDIA8ccqPWoNT9xnEHhxvj9qRGqsn4qq:dAR/OhDWXNrtRqoFt0zngXb71A
Score

3^/10

execution
behavioral3 behavioral4
- Target
  
  hyperion.exe
- Size
  
  58.4MB
- MD5
  
  0ec4d20dccaa0aed06a491a4c9c1636d
- SHA1
  
  b7aeed9a004193b472fc82296cd0d7f121978433
- SHA256
  
  2cffa447570221c478089472e676991105bf71154549b40608eeac113f890515
- SHA512
  
  81c77adc25ff0b01c039f2dfc35d38d169281db8892eb6c5b1123b4ea1b94f3eb080dffcd846c7a0ddff0512a58b594b5d583f89eadd5d9d91c7f3b478a6ce17
- SSDEEP
  
  1572864:uvEb9dLgxquRke+EJYPLnB3e4tBwzBtJ1srDVSmCo:uMbgxzupnB3eCBw1T1s/cx
Score

7^/10
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
behavioral5 behavioral6
- Target
  
  scripts/UNC TEST.txt
- Size
  
  28KB
- MD5
  
  b76726d10354343d9af5c268e40b47c4
- SHA1
  
  7103c78071be0c65c8b3a217168cf7909aef748e
- SHA256
  
  e8d53406c916b8e827c65c8f00d8a18b1379e693fd0379e8116e749bdf860cf5
- SHA512
  
  5caffd8a06058e890fe4ae35430539281cf53fa791221189f0f6660778a83fa42cc3e5374ce06ff325420d92006c2bfe1003f1486714e889964075da66b046eb
- SSDEEP
  
  768:JopEYRzOKMrGrE7BWf9r+T+f9TkIuP4hUUsbU8FqQFBF5UXzRFEe3cSG5Sg/i5rx:JEKcZuy9p
Score

3^/10

execution
behavioral7 behavioral8
- Target
  
  workspace/f42f3746fb3eb60f837d3673581c14a5-cache.lua
- Size
  
  288KB
- MD5
  
  d11bc547cfba140536c0c8e760e580d0
- SHA1
  
  7cb35294f5501e727fd190de1c395d418675d367
- SHA256
  
  62a2b61df628b4a2e62a4dcd8cb3571787088ed3218a949bd7fb433f17231cac
- SHA512
  
  05013780be2e482b569531cd559d3e47e403be725a487197d558bef092a547d84fbc67357fb43885ff9454af5337ee4926ed41b0542e1e0c04d8c7fda86ce7b8
- SSDEEP
  
  6144:42ArRQSeqQhLLFQKFDsV9la0Nw/jvs6ezQJjn5vl/2qw6MeVpwPWHuKRcdy0kz:423DR5pfHs8
Score

3^/10

execution
behavioral10 behavioral9

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10