Overview

overview

9

Static

static

3

nexhub-patched.zip

windows7-x64

1

nexhub-patched.zip

windows10-2004-x64

1

HOW TO USE.txt

windows7-x64

1

HOW TO USE.txt

windows10-2004-x64

1

nexhub-fiv...1).exe

windows7-x64

5

nexhub-fiv...1).exe

windows10-2004-x64

9

patch.1337

windows7-x64

3

patch.1337

windows10-2004-x64

3

Resubmissions

18-08-2024 19:50

240818-ykjtgathpq 9

18-08-2024 19:48

240818-yh66zstgrp 5

Sharing

Copy URL
Twitter E-mail

General

  • Target

    nexhub-patched.zip

  • Size

    8.3MB

  • Sample

    240818-ykjtgathpq

  • MD5

    d73b9d19fc9a809d061587e93b9164ac

  • SHA1

    e13756837ac64bf85b9e60abc4e41beb8a7ff9ac

  • SHA256

    4c8d6f202d7e0935bc5df645115288ae992df865b9240bdff63cbaaf7422a0e1

  • SHA512

    31a1796bc6773fe1bcd58cf3699950deb78b2fc7f5267fcccab417823f4ba08388ceaeab8d50c6e2f28d8c17b8db3f56aae7d027fbf1a0dda95de4e76e72dea0

  • SSDEEP

    196608:Eq/dHv8GylOK6e1mm+ogWe+Vs1NG2ghik5mIDgGLhr49Zb:XdH09/GgQPNgh75I/

Score
9/10
discoveryevasionthemidatrojan

Malware Config

Targets

    • Target

      nexhub-patched.zip

    • Size

      8.3MB

    • MD5

      d73b9d19fc9a809d061587e93b9164ac

    • SHA1

      e13756837ac64bf85b9e60abc4e41beb8a7ff9ac

    • SHA256

      4c8d6f202d7e0935bc5df645115288ae992df865b9240bdff63cbaaf7422a0e1

    • SHA512

      31a1796bc6773fe1bcd58cf3699950deb78b2fc7f5267fcccab417823f4ba08388ceaeab8d50c6e2f28d8c17b8db3f56aae7d027fbf1a0dda95de4e76e72dea0

    • SSDEEP

      196608:Eq/dHv8GylOK6e1mm+ogWe+Vs1NG2ghik5mIDgGLhr49Zb:XdH09/GgQPNgh75I/

    Score
    1/10
    behavioral1behavioral2

    • Target

      HOW TO USE.txt

    • Size

      250B

    • MD5

      908c066c282d9daba3f286eb5f6d0c10

    • SHA1

      7ca5cac5db6c172608f946b9bb80169cebf97a8a

    • SHA256

      693a407025b2a9c5af04472fea0abe46b14814a226f40ce87020ecee2f8ab535

    • SHA512

      a4bbc6c9f74a1c388c56051d9e196939feac7d8b463ddc6a57304fd5ba6831ff7cdedce3e860d7b9ff5f37a1e14df11e01eb2d90fa984f54ec116d2dd7421fb1

    Score
    1/10
    behavioral3behavioral4

    • Target

      nexhub-fivem-cod-woofer (1).exe

    • Size

      8.5MB

    • MD5

      0246b7c41b69b920db4d528d8f08cadf

    • SHA1

      f5d3de82b9711bc3ed8b0120757babcef22a12e1

    • SHA256

      51566fdcdeb6d0aa02de64197d5db72f0e7ee682b71ea02552c19cbcc98e946f

    • SHA512

      113f1cf8edb4710cc825bb28d46c7e228c34a37c0a1ade6bcf0ca5fb5c159b64379405277f859c5aee8d5f70a620e9e9adabdd77cf93a78cf565669ca167010f

    • SSDEEP

      196608:em4O+ZeImMKc1ck6eNgSI46SuyF+XB4G3psAvECBEubL7q:IZdLKIkRVprvG

    Score
    9/10
    evasionthemidatrojan

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

      themida

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral5behavioral6

    • Target

      patch.1337

    • Size

      157B

    • MD5

      f9ff11385e862b088293e7fe774b78f3

    • SHA1

      a3207dda292b8160944091196a07b70c1f481988

    • SHA256

      4b1af579cbf31c01664d2ee4ade6d0069391fab0f348146b146221700881e8cd

    • SHA512

      ce50a091807c114a464fb1fdf7da5ad4e5351a866b4223de01145f868faa813e68b7af39b80eb37f0ba56639b8ce382b2a2fed10838654c020a8c2440ef63849

    Score
    3/10
    discovery
    behavioral7behavioral8

MITRE ATT&CK Enterprise v15

Tasks