Resubmissions

  • 16-08-2024 00:56

    240816-bas8tszgnn 8

  • 16-08-2024 00:11

    240816-agk1cstdna 8

General

  • Target

    nazimodpc-v3.5.zip

  • Size

    861KB

  • Sample

    240816-bas8tszgnn

  • MD5

    fef5fc205500bc37f3530fcf3d7b0af1

  • SHA1

    2d3b8719a1c2588016f52746bbc21bddd3453bf9

  • SHA256

    5c11386f2616660c93a5952cdf1a2ba2674792d2b13c8d0c539282b4e8e72679

  • SHA512

    c15a539facba8ce6ad6b72d53e6b8e28af95115638fbfe3340f0b9f8b5433ebf2a8fc15388559061d635f57950e35d50f0773dd5e3b99cfdf571bad10b6ec2ec

  • SSDEEP

    24576:2kepxznWbwK9VDbBUgezxKamBp4oS6a8lJWqxbQu+aSn:PyzWsK9VbfKsVphrJWIbQu+R

Targets

    • Target

      nazimodpc-v3.5.zip

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops desktop.ini file(s)

    • Detected potential entity reuse from brand steam.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext