Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

Nezur.zip

windows10-2004-x64

Launcher.bat

windows10-2004-x64

6

compiler.exe

windows10-2004-x64

3

config

windows10-2004-x64

1

lua51.dll

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Nezur.zip

  • Size

    437KB

  • Sample

    240812-fc3mhazgmf

  • MD5

    bd241a63dc21715e0c0e4e0db32cda71

  • SHA1

    9e4832f23ae8232fce7fb0cb8b41fc525d5c6526

  • SHA256

    d1fd4a6680902769d39157959bcdc2b816d5f0ebff8913a02046936323c2ec8e

  • SHA512

    96194db9892e02d51aa2bdefc9cbdc06f499a5b3b8f415a80ece184cfde3e037b5e12be9a5de2e3bfc33ca8b9ecd13663242c3b6c5636951f647820c47ff33b0

  • SSDEEP

    12288:7/CyI4N34/jX/QIOLYBaEdJg18Q+9MBscqs6Cs:7/CyI4NI7/jOLYY18Q+9MR6Cs

Score
8/10
discoverypersistenceprivilege_escalation

Malware Config

Targets

    • Target

      Nezur.zip

    • Size

      437KB

    • MD5

      bd241a63dc21715e0c0e4e0db32cda71

    • SHA1

      9e4832f23ae8232fce7fb0cb8b41fc525d5c6526

    • SHA256

      d1fd4a6680902769d39157959bcdc2b816d5f0ebff8913a02046936323c2ec8e

    • SHA512

      96194db9892e02d51aa2bdefc9cbdc06f499a5b3b8f415a80ece184cfde3e037b5e12be9a5de2e3bfc33ca8b9ecd13663242c3b6c5636951f647820c47ff33b0

    • SSDEEP

      12288:7/CyI4N34/jX/QIOLYBaEdJg18Q+9MBscqs6Cs:7/CyI4NI7/jOLYY18Q+9MR6Cs

    Score
    8/10
    discoverypersistenceprivilege_escalation

    • Downloads MZ/PE file

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

      persistenceprivilege_escalation

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Drops desktop.ini file(s)

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

    behavioral1

    • Target

      Launcher.bat

    • Size

      311B

    • MD5

      365ac921ece415c40ef7af7e24a3bb59

    • SHA1

      e73502e289f4d9b9acbe344c1ae0149b0f38aa2b

    • SHA256

      dc56d38eeb1eb3c0a03d14aae8ecdf9757421d9ffb56035266d1837c367e1679

    • SHA512

      60072fb9cce9fb3bc629d9623e94600d81d45ba1c9affc816f29b30d9fff904209ffb68521732fd2866fbe71db3774bf4c39074e63ef13dbefb83dc0812189a3

    Score
    6/10
    discovery

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral2

    • Target

      compiler.exe

    • Size

      203KB

    • MD5

      db7341eaf35738159c5a3f5d2ddbe431

    • SHA1

      40c11de93f6b8de4e8ea46000304ee6e4161b3da

    • SHA256

      ddaac2d5cfa3e33f7448a1198f8b2172d82ad767b9a747a17cd2fa8ec7682144

    • SHA512

      1bea2b0d89330dce13e7892ed1b77c9715bc8bb0c81a7063efdc755d61a0cdfefe5aaf8e2c7c9ccd22fe8f4c00e0371bbaa7d7a11690e62389384a1e6d708753

    • SSDEEP

      3072:Gnvavn6z2TMRXs0I0ziBev6pQBeXEmZQCJeoH6ctzJQel5axhtvbOEUgnuBKn7+v:Gva5TMRXs0IKiBDbZt4Ggn77+ez3t8

    Score
    3/10
    discovery
    behavioral3

    • Target

      config

    • Size

      298KB

    • MD5

      4ad602c68eb3aa4c84c73834e653605f

    • SHA1

      3afe93611642a34da843e91db323fbec18ac7887

    • SHA256

      aa2ac19e959beca447e34da002cc63149c208d8427bb8631344ea069f4bbccba

    • SHA512

      9cbb57a762f924768a1ff05cec2f0a05e4c4b6d145a51bec8246bae4f9de382f95809cc71bb6a0592ee97172cf020bdecf00d6997ff4f0242a8ad6458ae7f2d5

    • SSDEEP

      3072:CpLKAVn5IsbBoSACROtFD/2GWJmv+yO9CE/eLxb0plHg2Qe7IXh2h:C8AHBoLCUjJWMO0E/et0pF5IXu

    Score
    1/10
    behavioral4

    • Target

      lua51.dll

    • Size

      389KB

    • MD5

      ae41bf4152700a5ca903d1a0627c7344

    • SHA1

      dcf1825c1a2dcd3507231ed14c24fc84e5edf56e

    • SHA256

      f453ccf48ed30fb6aa34ff4b345d79eae83f561fedb0b2afeae537b241eea185

    • SHA512

      99c8315dbd6ad1383eb647362649c601600bc158f51cdae5d67f6f7c752f45e3836d352c66ca9bd376a231a7e6cfb67c059bf1fa27c43ff1662da9f678bd8cec

    • SSDEEP

      12288:2iZ+ox9piQ8G27pC6Yyu5t60O0MJuAghAuNwABK:2e19pm7pCuCt6+w

    Score
    3/10
    discovery
    behavioral5

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

1
T1053

Scheduled Task

1
T1053.005

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Event Triggered Execution

1
T1546

Component Object Model Hijacking

1
T1546.015

Scheduled Task/Job

1
T1053

Scheduled Task

1
T1053.005

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Event Triggered Execution

1
T1546

Component Object Model Hijacking

1
T1546.015

Scheduled Task/Job

1
T1053

Scheduled Task

1
T1053.005

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Browser Information Discovery

1
T1217

Peripheral Device Discovery

2
T1120

Query Registry

3
T1012

System Information Discovery

4
T1082

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks