General

  • Target

    Nighty-Selfbot-main.zip

  • Size

    22.7MB

  • Sample

    240820-f892fswakh

  • MD5

    0e64df7d8d6c7b2b78f161c81110b070

  • SHA1

    a33939b3dad5e7b40ae1c9772869d6cbdbb632d5

  • SHA256

    a6560d7ca0aa6cd9fed35b053740140b7f57c89a63b5f965aa2f2be3beab3501

  • SHA512

    1ffa142ad102e767bd40c3cea5a8e93de1c3f37e2baaee076e389e7ca28badcffeb16b5016150ba9b2c5f29c32edd4a381a09974c2127c5b513547a14527ebd7

  • SSDEEP

    393216:laCyiJ0EEfxmIyaIQblvdrYTTbyaQBLS8YT7pL/tWqAf+BnFPkjom8n:lvyrfxVyIlvdr8iaNTlFVAfgnFPyom8n

Malware Config

Targets

    • Target

      Nighty-Selfbot-main.zip

    • Size

      22.7MB

    • MD5

      0e64df7d8d6c7b2b78f161c81110b070

    • SHA1

      a33939b3dad5e7b40ae1c9772869d6cbdbb632d5

    • SHA256

      a6560d7ca0aa6cd9fed35b053740140b7f57c89a63b5f965aa2f2be3beab3501

    • SHA512

      1ffa142ad102e767bd40c3cea5a8e93de1c3f37e2baaee076e389e7ca28badcffeb16b5016150ba9b2c5f29c32edd4a381a09974c2127c5b513547a14527ebd7

    • SSDEEP

      393216:laCyiJ0EEfxmIyaIQblvdrYTTbyaQBLS8YT7pL/tWqAf+BnFPkjom8n:lvyrfxVyIlvdr8iaNTlFVAfgnFPyom8n

    Score
    1/10
    • Target

      Nighty-Selfbot-main/Nighty.py

    • Size

      403KB

    • MD5

      9df79fdef09b4cac5612a5a5eeb2cdef

    • SHA1

      da120d8235a4b874547c4e230a5b85af5a24e335

    • SHA256

      2f3191a89989584127d4194cf625facbd9d1fb4378085fbf5556f3fc8294be3c

    • SHA512

      a875a28ce6a6dabbd0274f48754b4e8978c362081202e89894ce43783a74102996f200e9f18835ef1b5665e056fbb81ad3670987297d3f7774da36184b79ec64

    • SSDEEP

      3072:87IPebDivUK5pBNA2F3OzqY3nXkk50EGn5kGzq:QK5pBPd45CniG2

    Score
    3/10
    • Target

      Nighty-Selfbot-main/README.md

    • Size

      559B

    • MD5

      a885227f4527ebbe915dae2efa8d156e

    • SHA1

      c8daebe279b971206ef185377f677603a227e041

    • SHA256

      bc2fffa569557f8a5bed2849bd97e4eedf343aef8e7bc8c8211acbe8649b3692

    • SHA512

      931da8273d1fd80c71015069c6c3b4b4234222676d985a8a79dd432ec3ea619887eec8cf6a7f8631fc9dc74e931d7e9c7045971b21306eb5917b11d9c2fdc701

    Score
    3/10
    • Target

      Nighty-Selfbot-main/features.txt

    • Size

      11KB

    • MD5

      f87516dcbfc678cb64b9d032d2864143

    • SHA1

      d823a700494d470bab8f411ff691b125673da09c

    • SHA256

      f1c0ea05fe4747252d9e75a1624a86e3eb3646da94ca55cfaeac4ff594f0e7c8

    • SHA512

      0def5169c17dc32e632a36ab85373ed51011d758fdaa089ee23002ac2085a16402da3f22d0acf9ebecc35374c6dd45f91203480b95922ae3f4989c22dca1d820

    • SSDEEP

      192:A7Cgsow/ktpSvRlyyT7oQhHYV721hodWjs4511F4a:A7CEvpmT7oQhHe7GCdWj9pF4a

    Score
    1/10
    • Target

      Nighty-Selfbot-main/icon.ico

    • Size

      4KB

    • MD5

      8dd70bec7eb8f07ed4680fa1cd644b07

    • SHA1

      a94e7ea107cf74a1a9850c4135ef35b39be11ff2

    • SHA256

      8368408e8da865bd243139213ce065d493d02d3ed1b22f9f125a56112361cf05

    • SHA512

      4cec8acd6db644869fe0fa5fc50bd92e9d90cab6709f5eef9ef06e59f5c809003a8c93c1f76a492a1e01f22e1c56549b9460b51bab9cf648c7ace7793fa1d002

    • SSDEEP

      48:bucZn3sFkgpoKqb7IEEM4H7pX99EHbrY7Z8zBwpjEp:buV8LIX/7pX3E7U5

    Score
    3/10
    • Target

      Nighty-Selfbot-main/install.bat

    • Size

      72B

    • MD5

      6dd5fa911d8aa37e5c83fd0af69bb067

    • SHA1

      49223ed723cf791a56e31700243408cc53004e81

    • SHA256

      743e8b550e1a30b44e4fae6ab1ab2b4453a6ee737a0a96a0eea946224e6f94df

    • SHA512

      71a3ba20c6d917a1407e9c3785d944d56426256c13d19ff9d337e352a49dd497e0541eff935b1f60b65a8b114dcc8a1360434298393aa5f1ac44662ec757c497

    Score
    1/10
    • Target

      Nighty-Selfbot-main/requirements.txt

    • Size

      245B

    • MD5

      f69631dd7bdebb15fded4f46e2aea593

    • SHA1

      afd9c3740a24c8b40b9564803982da087197bbc4

    • SHA256

      d0621da99efc336acbfa793262431ef2bb505fab39847a47b12d9217ec9d2e8a

    • SHA512

      000a2a2b2b96aa75fb9897e5d96b62b9fc3ff0d83fd3d79efe2a55489a64e6d9d3a261222f3fea0dd31839edd7517f0e32104b9aa24909fab6b203cb9763ba97

    Score
    1/10
    • Target

      Nighty-Selfbot-main/run.bat

    • Size

      8.2MB

    • MD5

      0371c7eeb955866ed952f75cbc85634e

    • SHA1

      b135fabdd115f49dc933c8c42faa32df991c1317

    • SHA256

      abc834744db1a66bf4f49a6c20d049eae084a3fe31420181434ca64e4f1c621e

    • SHA512

      43f05fc99288b93c43c3311d9ea44f8ee5eccf505289041c84d540f55240eaac358bb43012c0eee6c9f0b7b10814c8f72b6acfb655b7e1cb8c787299b2e10c4d

    • SSDEEP

      196608:JfrFqyI5EurErvI9pWjgaAnajMsbSEo23fQC//OoLxh:VSEurEUWjJjIfoo4jLxh

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious Access or copy of Web Browser Credential store.

    • Command and Scripting Interpreter: PowerShell

Uses a powershell.exe command.

    • Drops file in Drivers directory

    • Checks computer location settings

Looks up the country code configured in the registry, likely a geofence check.

    • Clipboard Data

      Adversaries may collect data stored in the clipboard from users copying information within or between applications.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

Infostealers often target stored browser data, which can include saved credentials and similar data.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Unsecured Credentials: Credentials In Files

Steals credentials from unsecured files.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Obfuscated Files or Information: Command Obfuscation

      Adversaries may obfuscate content during command execution to impede detection.

    • Enumerates processes with tasklist

    • Target

      q����(.pyc

    • Size

      1KB

    • MD5

      7343467da07a4bb8d624ba752e44e43a

    • SHA1

      31610948596292085558bb558c7175e2fe8dbc2c

    • SHA256

      cb365cd608a8de5d1c722de177360f980646569f8ef4661b4ea9e915443cd276

    • SHA512

      35a97506c0ea01795561c7f0cd6beba2c427d6dfafbc9806610e6860fa6deb82250419fdd9f377684d8cff439c4a72a6cd3fd5f7558276791249e9f532d6dc3e

    Score
    1/10
    • Target

      Nighty-Selfbot-main/sounds/connected.mp3

    • Size

      39KB

    • MD5

      bac040adc17d6535af717d4f9a2c1011

    • SHA1

      783df4816ff7da34b0261a07f810ec0dc4427d0e

    • SHA256

      e36310f81ab1fad6c0109d9bb45680e7b7ec34e6196db72c4fe20e525fbcf9b7

    • SHA512

      224a4aa6445537a7db3fb175bfd0ab3ad7c7ca10c9fa5457558a90ddc9f48eefbb81bf3e74a0c25c2b85aa2b3a47ea3eb6e4eb3116bcf038c9ee60d60215fe0e

    • SSDEEP

      768:IjVo0yDfY+vWeU97VmtrW+I3L+HMej8P/LWksP7GGMJRzR3M7oL3aBfM:IwDfYh9Bar93MPKRSJXVH7apM

    Score
    6/10
    • Drops desktop.ini file(s)

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Target

      Nighty-Selfbot-main/sounds/error.mp3

    • Size

      18KB

    • MD5

      1e8f77eeaefcc75a118100ec8bdfb250

    • SHA1

      ca8a7d35f87de220320d0c7d29bd500a42b128f4

    • SHA256

      21efd0cc33d0bd16b9ec60795dd6770a125602b50670b7083a0ccf93cd470201

    • SHA512

      717fedf9f05141cd638b045984b857599772be8fe9ebf1d1239bb25f7891b2239e759dda028cc870bb10d0223f4da35e779e05dde904727c4ec2e5dc18266eb6

    • SSDEEP

      384:actkxr79DnSSD4fbPV+tPmuZGYH7/lpzLEAN+Vk0:arr79DSRPAYuZ3Hd+V/

    Score
    6/10
    • Drops desktop.ini file(s)

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Target

      Nighty-Selfbot-main/sounds/giveaway-win.mp3

    • Size

      18KB

    • MD5

      ee2a01ed560817800943d5974db997a0

    • SHA1

      3060561905648271f15aec275e56db0a7ef9334d

    • SHA256

      168c418ca2e1c3ea9543e3fa6f1656359d735c8c1ea62c9a96227b87d0237beb

    • SHA512

      8f657c21677cb2fc41d05900f29a7c0f0fcfc9500d70d5db4dbb14a9659d603a6db659bad20e5005d476226bdb167a57678c37adc3fb5b4e0fc4186af889bcf0

    • SSDEEP

      384:Vo9XzqPoyGmhlsYhQfB8OsEYaZfKSo5oEVQCz4/5Y7n0DZzl:VolG9dhlskE3CT61OOYjaZJ

    Score
    6/10
    • Drops desktop.ini file(s)

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Target

      Nighty-Selfbot-main/sounds/notification.mp3

    • Size

      26KB

    • MD5

      6fa234f4fc5e44f0b18a51aa9095c956

    • SHA1

      e1650f9f4294c883ba6282093e92c85a9329bd17

    • SHA256

      a7584353e7229c14cdbf75409e9785205f2f95dd26609374e7ad1a2b83f1d9fc

    • SHA512

      24c9e219c777a5bbb235476be8e04fb8b6662b6712755c38bce05ba626bb6b6f8d2c3d7addebfc34052e41f81386d945ce7af05387bf7c1f374689cfda3bc257

    • SSDEEP

      768:K9bi28u6mkBQRc0icm9P4nII4+PZWKB8lwKtQ/+o5n53h:Ai1A0t4d4UZWKldT3h

    Score
    6/10
    • Drops desktop.ini file(s)

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Target

      Nighty-Selfbot-main/sounds/run_script.exe

    • Size

      33.1MB

    • MD5

      c1f086db3279c409294ce60d84dace92

    • SHA1

      07f62649aa3135d837e62dac8afa650475c3218a

    • SHA256

      fae50a98430267cc863bd5ff150b109d1ece1ba84cfcd8cd90301f98a7816cbc

    • SHA512

      d2dd7a2c5e6e889378acba63bc323baac563a59858a0580a401a3630f2c46e04e9e9ab74522316fe4c1d9ada57585779da3672f71ab40eafc458070e0ece3201

    • SSDEEP

      393216:RQgHDlanaGBXvDKtz+bhPWES4tiNQPNrIKc4gaPbUAgrO4mgP96l+ZArYsFRlfra:R3on1HvSzxAMNPFZArYsXrPS

    Score
    1/10
    • Target

      Nighty-Selfbot-main/sounds/success.mp3

    • Size

      29KB

    • MD5

      2a8b6d25b3c660314795970170d1a8f4

    • SHA1

      3d2832e1e080bfb9f3eb3877edac503a3e714946

    • SHA256

      0b5ec3c6be956ea6aa64ef3fbdfb0e2d3a6b31c66fb1f8fb86692bd25e5b7358

    • SHA512

      61342ad08fe788a68ba637262158ff4d9c78e4ac402582b17b93ffc17c7aaeb39b8dee91212805ffed6ad59115b615cc1082d1bd1c5c1d617aa39e3dde86055e

    • SSDEEP

      768:LjVCBcCPRWQPOfCF5QSiFPezv2XlAH0NF0BNIBk7:t4RW+OfCF5QSiUzenF0bD7

    Score
    6/10
    • Drops desktop.ini file(s)

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks

static1

blankgrabber
Score
10/10

behavioral1

Score
1/10

behavioral2

Score
1/10

behavioral3

discovery
Score
3/10

behavioral4

Score
3/10

behavioral5

discovery
Score
3/10

behavioral6

Score
3/10

behavioral7

Score
1/10

behavioral8

Score
1/10

behavioral9

Score
3/10

behavioral10

Score
3/10

behavioral11

Score
1/10

behavioral12

Score
1/10

behavioral13

Score
1/10

behavioral14

Score
1/10

behavioral15

discovery upx
Score
7/10

behavioral16

collection credential_access defense_evasion discovery execution spyware stealer upx
Score
9/10

behavioral17

Score
1/10

behavioral18

Score
1/10

behavioral19

Score
1/10

behavioral20

discovery
Score
6/10

behavioral21

Score
1/10

behavioral22

discovery
Score
6/10

behavioral23

Score
1/10

behavioral24

discovery
Score
6/10

behavioral25

Score
1/10

behavioral26

discovery
Score
6/10

behavioral27

Score
1/10

behavioral28

Score
1/10

behavioral29

Score
1/10

behavioral30

discovery
Score
6/10