Resubmissions

15-08-2024 22:32

240815-2fw5saydre 9

15-08-2024 22:30

240815-2fa8batarr 8

15-08-2024 22:30

240815-2expxstaqn 3

General

  • Target: nazimodpc-v3.5.zip

  • Size: 861KB

  • Sample: 240815-2fa8batarr

  • MD5: fef5fc205500bc37f3530fcf3d7b0af1

  • SHA1: 2d3b8719a1c2588016f52746bbc21bddd3453bf9

  • SHA256: 5c11386f2616660c93a5952cdf1a2ba2674792d2b13c8d0c539282b4e8e72679

  • SHA512: c15a539facba8ce6ad6b72d53e6b8e28af95115638fbfe3340f0b9f8b5433ebf2a8fc15388559061d635f57950e35d50f0773dd5e3b99cfdf571bad10b6ec2ec

  • SSDEEP: 24576:2kepxznWbwK9VDbBUgezxKamBp4oS6a8lJWqxbQu+aSn:PyzWsK9VbfKsVphrJWIbQu+R

Malware Config

Targets

    • Target: nazimodpc-v3.5.zip

    • Size: 861KB

    • MD5: fef5fc205500bc37f3530fcf3d7b0af1

    • SHA1: 2d3b8719a1c2588016f52746bbc21bddd3453bf9

    • SHA256: 5c11386f2616660c93a5952cdf1a2ba2674792d2b13c8d0c539282b4e8e72679

    • SHA512: c15a539facba8ce6ad6b72d53e6b8e28af95115638fbfe3340f0b9f8b5433ebf2a8fc15388559061d635f57950e35d50f0773dd5e3b99cfdf571bad10b6ec2ec

    • SSDEEP: 24576:2kepxznWbwK9VDbBUgezxKamBp4oS6a8lJWqxbQu+aSn:PyzWsK9VbfKsVphrJWIbQu+R

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Checks system information in the registry

      System information is often read in order to detect sandboxing environments.

    • Detected potential entity reuse from brand steam.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks