General
- Target: NovaCheat.exe
- Size: 17.8MB
- Sample: 240827-ss6ejsxdpb
- MD5: 807043ba3fdc3a3b8a05df42d1f6ec45
- SHA1: 8b367bb054ef88abf80a389a48f6241bf0e9a99b
- SHA256: b1e2992d5a6547ee3d78f11327d856a9c7586639d1c730f88344fcb99b145c27
- SHA512: b37984031a24bb394057f548aa7f4dc137a9d2f3ac9a4bf7c01a581d0a365830d7a07999418b9e6a0f16232fe13bdc2bae9776698b069337137544811a15111c
- SSDEEP: 393216:lqPnLFXlreQ8DOETgsvfGjgBMFvENWh3nOs8Jmq:cPLFXNeQhEkc/NanOss
Behavioral tasks
- behavioral1: Sample NovaCheat.exe, Resource win10-20240611-fr
- behavioral2: Sample NovaCheat.exe, Resource win10v2004-20240802-fr
- behavioral3: Sample NovaCheat.exe, Resource win11-20240802-fr
- behavioral4: Sample main.pyc, Resource win10-20240404-fr
- behavioral5: Sample main.pyc, Resource win10v2004-20240802-fr
- behavioral6: Sample main.pyc, Resource win11-20240802-fr
Malware Config

Targets

Target: NovaCheat.exe
- Size: 17.8MB
- MD5: 807043ba3fdc3a3b8a05df42d1f6ec45
- SHA1: 8b367bb054ef88abf80a389a48f6241bf0e9a99b
- SHA256: b1e2992d5a6547ee3d78f11327d856a9c7586639d1c730f88344fcb99b145c27
- SHA512: b37984031a24bb394057f548aa7f4dc137a9d2f3ac9a4bf7c01a581d0a365830d7a07999418b9e6a0f16232fe13bdc2bae9776698b069337137544811a15111c
- SSDEEP: 393216:lqPnLFXlreQ8DOETgsvfGjgBMFvENWh3nOs8Jmq:cPLFXNeQhEkc/NanOss

Signatures
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious access to, or copying of, a web browser credential store.
- Loads dropped DLL
- Adds Run key to start application
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
Target: main.pyc
- Size: 7KB
- MD5: 6a180a5cb3e791424c3f18d475352639
- SHA1: 607593176fe098de1a6ecc1939f8f14a76b10d18
- SHA256: ffe6032046ac408d3f52e0f41ca6aacc2eaf8a6ab9fb3693fd5e6ce1975fef19
- SHA512: 3dc9adbcb3c40a28a9ad14885688af5058b819570021a9adca17c1a0f2728cf307e34a0c1195e7c68168ed0e5a752214f4b82a0edf706ed1d5e6e5652c431aae
- SSDEEP: 192:wAYv2J6gD8+Dd3WdXw+k0L+UIXJhwApMdwF8nnw:wv2JPWurw+j2UPWnw
- Score: 3/10
MITRE ATT&CK Enterprise v15 (count of matching signatures in parentheses)

Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Event Triggered Execution (1)
  - Netsh Helper DLL (1)

Privilege Escalation
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Event Triggered Execution (1)
  - Netsh Helper DLL (1)

Credential Access
- Credentials from Password Stores (1)
  - Credentials from Web Browsers (1)
- Unsecured Credentials (1)
  - Credentials In Files (1)