Overview

overview

10

Static

static

7

nvkFix/Con...gs.vbs

windows10-1703-x64

3

nvkFix/Con...ol.exe

windows10-1703-x64

10

nvkFix/FIX.bat

windows10-1703-x64

9

nvkFix/WUB...64.exe

windows10-1703-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    nvkFixer.zip

  • Size

    975KB

  • Sample

    240827-sfytyaybkk

  • MD5

    8f4680e626e17db12debe805bf1685a2

  • SHA1

    410adfcf925cba933cf306c329d9d6458160634d

  • SHA256

    cfbfb13967573bab19261e6d2653c6fa06cb1c9008c61aa89da19cd3a1c5c4ca

  • SHA512

    12b0797c4f768d21571f930628b62451f9a544eac12a799482f369c066a0d03e3efae40ba53746828326e89b9e11becc59dd92ccf8644339370b7ed792bb0dad

  • SSDEEP

    24576:p+Mddk2gTc4GRcE51hYYt+8qf92GLgdmRV4+IkpC:p+mQc4oD51dv29FCGVTC

Score
10/10
defense_evasiondiscoveryevasionpersistenceransomwaretrojanupx

Malware Config

Targets

    • Target

      nvkFix/Control Defender/Defender_Settings.vbs

    • Size

      313B

    • MD5

      b0bf0a477bcca312021177572311e666

    • SHA1

      ea77332d7779938ae8e92ad35d6dea4f4be37a92

    • SHA256

      af42a17d428c8e9d6f4a6d3393ec268f4d12bbfd01a897d87275482a45c847e9

    • SHA512

      09366608f2670d2eb0e8ddcacd081a7b2d7b680c4cdd02494d08821dbdf17595b30e88f6ce0888591592e7caa422414a895846a268fd63e8243074972c9f52d8

    Score
    3/10
    behavioral1

    • Target

      nvkFix/Control Defender/dControl.exe

    • Size

      447KB

    • MD5

      58008524a6473bdf86c1040a9a9e39c3

    • SHA1

      cb704d2e8df80fd3500a5b817966dc262d80ddb8

    • SHA256

      1ef6c1a4dfdc39b63bfe650ca81ab89510de6c0d3d7c608ac5be80033e559326

    • SHA512

      8cf492584303523bf6cdfeb6b1b779ee44471c91e759ce32fd4849547b6245d4ed86af5b38d1c6979729a77f312ba91c48207a332ae1589a6e25de67ffb96c31

    • SSDEEP

      6144:Vzv+kSn74iCmfianQGDM3OXTWRDy9GYQDUmJFXIXHrsUBnBTF8JJCYrYNsQJzfgu:Vzcn7EanlQiWtYhmJFSwUBLcQZfgiD

    Score
    10/10
    defense_evasiondiscoveryevasionpersistencetrojanupx

    • Modifies security service

      evasion

    • Event Triggered Execution: Image File Execution Options Injection

      persistence

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Windows security modification

      evasiontrojan

    • Modifies Security services

      Modifies the startup behavior of a security service.

      defense_evasion

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Drops file in System32 directory

    behavioral2

    • Target

      nvkFix/FIX.bat

    • Size

      977B

    • MD5

      f083c0f930d20a64669958500e827f4b

    • SHA1

      9315478c204f317865bc5c5dc57d007edf826525

    • SHA256

      eaaec43dba120f9dc1e2621a5812536aeeceaa1c851c492536e848b7ab57d93d

    • SHA512

      eb81b18a67ac6da65a97219b6cfed6ab6745cf02bc4fe446972558847fc47ccac2726b7f6c32c3af04005c885aed462a5098d236cff8b88c1323607395cf209d

    Score
    9/10
    defense_evasionevasionransomware

    • Modifies boot configuration data using bcdedit

      ransomwareevasion

    • Modify Registry: Disable Windows Driver Blocklist

      Disable Windows Driver Blocklist via Registry.

      defense_evasion
    behavioral3

    • Target

      nvkFix/WUB/Wub_x64.exe

    • Size

      939KB

    • MD5

      9d6778f7f274f7ecd4e7e875a7268b64

    • SHA1

      452fa439f1cc0b9fcc37cf4b8cfff96e8cc348aa

    • SHA256

      187eeee9e518011de1b87cfb0ed03e12ea551e9011f0c8defdd0e4535e672da2

    • SHA512

      d51df55a5f903ec624550e847459bfa52fb19e892a58fe2de41251d9d98890b36f26a4950ad75f900de0311b5330066aaece11ec5e549d5b3867a61a344e0b87

    • SSDEEP

      24576:12DW/xbqX2YIbzQsu3/PNLIQFHyBvGThpZY9:12EmXGQsW/PN0QNlZI

    Score
    3/10
    behavioral4

MITRE ATT&CK Enterprise v15

Tasks