bda512b2e0b17d5222586854c8d87566feec49798e6a4a7c7664a4ac737c93f8

Sharing

Copy URL

Twitter E-mail

General

Target

NekozRealistic.rar
Size

88.2MB
Sample

240825-ca85qasakc
MD5

89c0b6d55f00bcfd67477abf79bf33f9
SHA1

edbd7ab04c6f0eb57727a63b63f3f534d7d37b26
SHA256

bda512b2e0b17d5222586854c8d87566feec49798e6a4a7c7664a4ac737c93f8
SHA512

f006ab538294a317187a68dcdd1144a240d7052cc1d138f85845eca7086c10a338d5694072a02be7d6ea80dbf53f5a49b732557384a41800d3684b334745bc95
SSDEEP

1572864:gx+e4h7TL9BHH6ZnOqWH8EwCXkZaBcSrufGanp7GgtHPpKXXBlCCqn1:g4e4N3qWcEwCsaBcSruZkqPm21

Score

9^/10

Malware Config

Targets

- Target
  
  NekozRealistic.exe
- Size
  
  88.2MB
- MD5
  
  d72ff328e344d914c7e01b68b8d93e00
- SHA1
  
  8008ab70a611350287fcb5284e2b14126ccdd056
- SHA256
  
  4a50377638adcae2461e5abb2c115de316c364a6705b40f09ff3773c9bd5d76d
- SHA512
  
  ac256a4c5a9e2076a5e93c4eed6708fb4d03e027261d612635a6ac7fda59cf5522c53de9bc38eb0315176e16fd81542603d271a555e85a1269f6bce98a7c7194
- SSDEEP
  
  1572864:sx+e4h7TL9BHH6ZnOqWH8EwCXkZaBcSrufGanp7GgtHPpKXXBlCCqnk:s4e4N3qWcEwCsaBcSruZkqPm2k
Score

9^/10

discovery collection credential_access defense_evasion execution persistence privilege_escalation spyware stealer
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Clipboard Data
  Adversaries may collect data stored in the clipboard from users copying information within or between applications.
  collection
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Hide Artifacts: Hidden Files and Directories
  defense_evasion
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/SpiderBanner.dll
- Size
  
  9KB
- MD5
  
  17309e33b596ba3a5693b4d3e85cf8d7
- SHA1
  
  7d361836cf53df42021c7f2b148aec9458818c01
- SHA256
  
  996a259e53ca18b89ec36d038c40148957c978c0fd600a268497d4c92f882a93
- SHA512
  
  1abac3ce4f2d5e4a635162e16cf9125e059ba1539f70086c2d71cd00d41a6e2a54d468e6f37792e55a822d7082fb388b8dfecc79b59226bbb047b7d28d44d298
- SSDEEP
  
  192:5lkE3uqRI1y7/xcfK4PRef6gQzJyY1rpKlVrw:5lkMBI1y7UKcef6XzJrpKY
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/StdUtils.dll
- Size
  
  100KB
- MD5
  
  c6a6e03f77c313b267498515488c5740
- SHA1
  
  3d49fc2784b9450962ed6b82b46e9c3c957d7c15
- SHA256
  
  b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e
- SHA512
  
  9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803
- SSDEEP
  
  3072:WNuZmJ9TDP3ahD2TF7Rq9cJNPhF9vyHf:WNuZ81zaAFHhF9v
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  12KB
- MD5
  
  0d7ad4f45dc6f5aa87f606d0331c6901
- SHA1
  
  48df0911f0484cbe2a8cdd5362140b63c41ee457
- SHA256
  
  3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca
- SHA512
  
  c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9
- SSDEEP
  
  192:1enY0LWelt70elWjvfstJcVtwtYbjnIOg5AaDnbC7ypXhtIj:18PJlt70esj0Mt9vn6ay6
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/WinShell.dll
- Size
  
  3KB
- MD5
  
  1cc7c37b7e0c8cd8bf04b6cc283e1e56
- SHA1
  
  0b9519763be6625bd5abce175dcc59c96d100d4c
- SHA256
  
  9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6
- SHA512
  
  7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  LICENSES.chromium.html
- Size
  
  8.8MB
- MD5
  
  2675b30d524b6c79b6cee41af86fc619
- SHA1
  
  407716c1bb83c211bcb51efbbcb6bf2ef1664e5b
- SHA256
  
  6a717038f81271f62318212f00b1a2173b9cb0cc435f984710ac8355eb409081
- SHA512
  
  3214341da8bf3347a6874535bb0ff8d059ee604e779491780f2b29172f9963e23acbe3c534d888f7a3b99274f46d0628962e1e72a5d3fc6f18ca2b62343df485
- SSDEEP
  
  24576:cpD6826x5kSWSsRinoHnmfm646a6N6z68SH4SApTJ:cHSek
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  NekozRealistic.exe
- Size
  
  164.7MB
- MD5
  
  f80b2ee7c52e1060fd2a2151a96acea6
- SHA1
  
  c8439c74096888c6983cf1e7a623697260e51b51
- SHA256
  
  07da39ecec383765b3ccada1e47272a8ec4b636e25a9a175953e135611b77636
- SHA512
  
  7ff0491572a26c5edf07fa3a4e28ac517447cb5f48ed2a8f36c01e303b1b0962a75982f092d1c58090ccf4ab4ef92c312e47d8e3fa165b2bd9ec196991430f94
- SSDEEP
  
  1572864:ImIh9FimkfWTs6+LkanRWYS8a4lN+WTi6qSFK2u73JvPaKD2JsR2/tVBcpZOcrQD:2sFWY7ihS4kVP
Score

9^/10

collection credential_access defense_evasion discovery execution persistence privilege_escalation spyware stealer
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Clipboard Data
  Adversaries may collect data stored in the clipboard from users copying information within or between applications.
  collection
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Hide Artifacts: Hidden Files and Directories
  defense_evasion
behavioral13 behavioral14
- Target
  
  d3dcompiler_47.dll
- Size
  
  4.7MB
- MD5
  
  2191e768cc2e19009dad20dc999135a3
- SHA1
  
  f49a46ba0e954e657aaed1c9019a53d194272b6a
- SHA256
  
  7353f25dc5cf84d09894e3e0461cef0e56799adbc617fce37620ca67240b547d
- SHA512
  
  5adcb00162f284c16ec78016d301fc11559dd0a781ffbeff822db22efbed168b11d7e5586ea82388e9503b0c7d3740cf2a08e243877f5319202491c8a641c970
- SSDEEP
  
  49152:KCZnRO4XyM53Rkq4ypQqdoRpmruVNYvkaRwvhiD0N+YEzI4og/RfzHLeHTRhFRNc:xG2QCwmHPnog/pzHAo/A6l
Score

1^/10
behavioral15
- Target
  
  ffmpeg.dll
- Size
  
  2.8MB
- MD5
  
  14e00bf1d9d0df65f8b1a31240d474a8
- SHA1
  
  f9fe033725b7b1b5c0efce7a14ed7ab223cb32e8
- SHA256
  
  9d1eb0c6eb12bfa87e74a65c2fde5d61c4c93e21fb0800bbdccb6559527036a5
- SHA512
  
  652724450296a739de802ba8fac482953146f37665718446e448a350295e1e7b09bd460835bcd0ac26b2e54bb9b791624a9eea11e6c96573c7c4aed22450ed14
- SSDEEP
  
  49152:IF5qb84KtStWEK/Ju2lf3tAtiLHQVTf6yfcrhCHDXLl8+0LKSQ1SCu:IFvSkJXv+tiLAD0+D1S5
Score

1^/10
behavioral16 behavioral17
- Target
  
  libEGL.dll
- Size
  
  477KB
- MD5
  
  1dcf5ac3cb0dcda9c9679eeb018d01bd
- SHA1
  
  bc21697c5665aab5eaaba61f55719d43328f7e7c
- SHA256
  
  9cfc3001191e8b3eb9c96ba29e57e5bf9aaab264e83897e47cb968167a8a811b
- SHA512
  
  47d8769bf00cc7555479542abf5e0684799e424d9801dad8c6bd199680d9c40cfa2380d969515db7a0753cf6f3a9733b5afb931fe33863fe30a37092d8dc96b1
- SSDEEP
  
  6144:o8hd1BSjuMmof2SEXVVfgV8hxN7h2NIIEOg51f0FticyQ:o8DXSjZmof2SEsmN12NIIE7f0FticyQ
Score

1^/10
behavioral18 behavioral19
- Target
  
  libGLESv2.dll
- Size
  
  7.3MB
- MD5
  
  51378647d290f3a08affa8454a3d59d5
- SHA1
  
  32152a6677c82ea9e2e842baa907d708b46a6779
- SHA256
  
  80c2ef6ca6d0ff4877bd0c0bc082ff19c3a5002d53648bcf5f54368560f9a411
- SHA512
  
  ca90f5131d95fdb1e4a5cb7cb2bbef08676f70367b255270871754f776937994e34258084bf46437b25e1745728c279594d64e0718643eac0ac00cfc43d2c53b
- SSDEEP
  
  98304:1aUIRsMRk/yUt1ngliXWeamn0B8LfdAbvZ3gtT7:1anxRk/Pwzedpag1
Score

1^/10
behavioral20 behavioral21
- Target
  
  resources/elevate.exe
- Size
  
  105KB
- MD5
  
  792b92c8ad13c46f27c7ced0810694df
- SHA1
  
  d8d449b92de20a57df722df46435ba4553ecc802
- SHA256
  
  9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37
- SHA512
  
  6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40
- SSDEEP
  
  3072:1bLnrwQoRDtdMMgSXiFJWcIgUVCfRjV/GrWl:1PrwRhte1XsE1l
Score

3^/10

discovery
behavioral22 behavioral23
- Target
  
  vk_swiftshader.dll
- Size
  
  4.9MB
- MD5
  
  0b0658bf4f8cf397e1deddc50d67523f
- SHA1
  
  8fcf0726ee1272a3d5c65d50be1626f1b1f49477
- SHA256
  
  94adcd97d1cdd459d21f0b5b57e0caf4c5c6e44f7bc6fc6a73f0bd133e8d551e
- SHA512
  
  d745424644b66783dc8cf6dd043f27356f25afcda679ed43672fc0caf33c7339006f033e0fb392c865a5eb3e9f0e5edf37154e77121ba5a71893420da26b7cd5
- SSDEEP
  
  49152:26h3a0f1ABi1jP9LoS8lne0Zv8EgHI7JXYN3bgFNmEgMYmz2qA0Mr7wsVUsNCOzw:Xh3aMXoSHfPwksHldLiuNr
Score

1^/10
behavioral24 behavioral25
- Target
  
  vulkan-1.dll
- Size
  
  931KB
- MD5
  
  d421ae53119ed85e1e90b073eb51d7d2
- SHA1
  
  014f0f98a2271d385d57152a15f5d8a763d27c14
- SHA256
  
  3a433f9cbee4cc89ac58917f1872ee0f38ba451760d4bba6f37712f0c8179b7a
- SHA512
  
  8b36d24496ff5253a375ee72de616cbc165f815f8d1ee339955b922846b1e0de015f86ff45b8ab710d0ecf162fe3c6c801774b889cdfc35feb6baf5d12d67bdd
- SSDEEP
  
  24576:iYWOq/4Kt/Ku8n387ecbFb6Z5WoDYsHY6g3P0zAk7sa:iY65/M387R56Z5WoDYsHY6g3P0zAk7s
Score

1^/10
behavioral26 behavioral27
- Target
  
  $PLUGINSDIR/nsExec.dll
- Size
  
  6KB
- MD5
  
  ec0504e6b8a11d5aad43b296beeb84b2
- SHA1
  
  91b5ce085130c8c7194d66b2439ec9e1c206497c
- SHA256
  
  5d9ceb1ce5f35aea5f9e5a0c0edeeec04dfefe0c77890c80c70e98209b58b962
- SHA512
  
  3f918f1b47e8a919cbe51eb17dc30acc8cfc18e743a1bae5b787d0db7d26038dc1210be98bf5ba3be8d6ed896dbbd7ac3d13e66454a98b2a38c7e69dad30bb57
- SSDEEP
  
  96:YjHFiKaoggCtJzTlKXb0tbo68qD853Ns7GgmkNq3m+s:JbogRtJzTlNR8qD85uGgmkNr
Score

3^/10

discovery
behavioral28 behavioral29
- Target
  
  $PLUGINSDIR/nsis7z.dll
- Size
  
  424KB
- MD5
  
  80e44ce4895304c6a3a831310fbf8cd0
- SHA1
  
  36bd49ae21c460be5753a904b4501f1abca53508
- SHA256
  
  b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592
- SHA512
  
  c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df
- SSDEEP
  
  6144:aUWQQ5O3fz0NG3ucDaEUTWfk+ZA0NrCL/k+uyoyBOX1okfW7w+Pfzqibckl:an5QEG39fPAkrE4yrBOXDfaNbck
Score

3^/10

discovery
behavioral30 behavioral31
- Target
  
  $R0/Uninstall NekozRealistic.exe
- Size
  
  147KB
- MD5
  
  b28776890bfef8b9f79a518ac5d8a4bb
- SHA1
  
  9504a399bc7770283dbcacac5e6566fa02f1d363
- SHA256
  
  d70be30e8f0302ab55d45857ade52951916bf3c485c9191a343d32b117bf1e26
- SHA512
  
  ef4a5d10baef18f45421458e59702b7d2dc1017f9739291ad91676cfdb20d8e70bc9a85d441a7cedd7b3f6cfce5185f0919efa87f198d21b4f2fcae67f8bc422
- SSDEEP
  
  3072:gn77v00hEoDEtaupSeqPKgrE4OidpR0WaH2tvhOEA1RJCir86SrSrv6Ia3E:g740I5SJLE4LdpR0Ws2t0EyL+ya0
Score

7^/10

discovery
- Executes dropped EXE
- Loads dropped DLL
behavioral32