General

  • Target

    bin.zip

  • Size

    6.2MB

  • Sample

    240809-z39chszalp

  • MD5

    5743521f038a51b35891c1c0bb11650e

  • SHA1

    b45ace1ae6d4ac40afc49ddfcc24fd78775d7824

  • SHA256

    02e713808860173bf56e5022f7adeae52ee7381d6e4f1cb61a72dfc6101168a2

  • SHA512

    82867a6771f9ebb71b4d61730739f99af854230737900f22ce632e93b88ca0eef5d06776ce7d1713ea4ffc1752e7608d7b93743adc316b5c143ef8eee98fe896

  • SSDEEP

    196608:U6zwS7Rk2WPgoc+2QR3KWQEAzYoUkzcwCwNwI:Jlk23qpxVEwkewN5

Targets

    • Target

      NX.dll

    • Size

      1.5MB

    • MD5

      26830be9abb1a7edbf2ac07322987609

    • SHA1

      c31a37dbc6ddb32f682c3702fd4341ab301b8d60

    • SHA256

      7d466cb0e1c149bfb60a01449f507a6366d0b571965561240dd0b85662182942

    • SHA512

      42db473eeb6f13575e2a486a4b185fcee9272d4181e3bff337f4d1fa47c0c19b16ba87ad00d387bbea6145c83bf663e730f22731cf6d7637a2d9421c2f37bc8c

    • SSDEEP

      24576:TbX1SFIzNpu4D0mZ3flVPvB7mOPaTL0dqHXiB/z5ZxQCzIdJMtPePA5L0V:TbX1SyzNpu4omZ3fvXdmOPaT8J3PQCkg

    • Score

      1/10

    • Target

      NXInjector.exe

    • Size

      14.7MB

    • MD5

      8e652b033b4859c30cbda858590a9a09

    • SHA1

      bc7c49b3361a41f4e3331cbc03b98bb5b9294a2d

    • SHA256

      b028c463c223dac6dd12c218db74aa82442a5ea244798db3edf535f4ddb8038c

    • SHA512

      087c8e2dc8f650f394add98fff21335ed180f6eb231694475bf04bbbfd3f25d28570add92bd3d042309b45238961b8ca349387de7517defbf9418c2d5a33b711

    • SSDEEP

      98304:wfbNH4ZF0GYr4PN2uSLfanFY12CbB75g5E9d2Q04JRfwesl18:0U/YryNDK0+B39Y8RIdl1

    • Downloads MZ/PE file

    • Event Triggered Execution: Image File Execution Options Injection

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used for geofencing.

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks system information in the registry

      System information is often read in order to detect sandboxing environments.

MITRE ATT&CK Enterprise v15
