4c3d790cd1d2d9da3fd730a36749a2f243b81bcf07b7996da644b58cd0196f86

Sharing

Copy URL

Twitter E-mail

General

Target

Nezur_Executor.zip
Size

40.6MB
Sample

240911-nnentaycra
MD5

ca1a4380351b3ac3deb02121ca7fe834
SHA1

623653b1db860244da87e5f1f9f57664e189742f
SHA256

4c3d790cd1d2d9da3fd730a36749a2f243b81bcf07b7996da644b58cd0196f86
SHA512

c99bf4a5e5c1adacab4e3998e6b39caa9c505ab0327b5aa679d9d2c367474041a875e8faa34f69cf09741cc54001016265696424d57e3666cff14c15c75ecc3b
SSDEEP

786432:697Cn4V8iuXcfyrQ9JhotaS9rv+i+OjdRjtwFKIpeq83Wr/KJiLjRVJnGfMTi:6snuuIIAEdRvHji8qqiKoNnnGr

Score

3^/10

execution

Malware Config

Targets

- Target
  
  Nezur_Executor.zip
- Size
  
  40.6MB
- MD5
  
  ca1a4380351b3ac3deb02121ca7fe834
- SHA1
  
  623653b1db860244da87e5f1f9f57664e189742f
- SHA256
  
  4c3d790cd1d2d9da3fd730a36749a2f243b81bcf07b7996da644b58cd0196f86
- SHA512
  
  c99bf4a5e5c1adacab4e3998e6b39caa9c505ab0327b5aa679d9d2c367474041a875e8faa34f69cf09741cc54001016265696424d57e3666cff14c15c75ecc3b
- SSDEEP
  
  786432:697Cn4V8iuXcfyrQ9JhotaS9rv+i+OjdRjtwFKIpeq83Wr/KJiLjRVJnGfMTi:6snuuIIAEdRvHji8qqiKoNnnGr
Score

1^/10
behavioral1 behavioral2
- Target
  
  Microsoft.Web.WebView2.Core.dll
- Size
  
  557KB
- MD5
  
  b037ca44fd19b8eedb6d5b9de3e48469
- SHA1
  
  1f328389c62cf673b3de97e1869c139d2543494e
- SHA256
  
  11e88b2ca921e5c88f64567f11bd83cbc396c10365d40972f3359fcc7965d197
- SHA512
  
  fa89ab3347fd57486cf3064ad164574f70e2c2b77c382785479bfd5ab50caa0881de3c2763a0932feac2faaf09479ef699a04ba202866dc7e92640246ba9598b
- SSDEEP
  
  12288:6CxswUBor35JrpQ322zy+uFKcDoRFNCMmeA+imQ269pRFZNIEJdIEY0lxEIPrEIE:6Cbmv
Score

1^/10
behavioral3 behavioral4
- Target
  
  Microsoft.Web.WebView2.WinForms.dll
- Size
  
  37KB
- MD5
  
  8153423918c8cbf54b44acec01f1d6c2
- SHA1
  
  f0c3c5412b809725e6d4809230adb15cc7d83ad2
- SHA256
  
  5696366f7458da940cc986dc5d3d4549a2368512acd769014ecbb07b47bd88b4
- SHA512
  
  f3dc771e37c71479d332142ec5a9c5c3f39ca71937f595a0f7482ae5aaaafd92e932efc9b0363d4511d547f3c8b2e0497ebbf8356e7d07fc344f4e5715b0ee87
- SSDEEP
  
  768:1sjCEEHJ9l0EeFZ2sxIHzttZDgcEST3p4Jjrjh2jJ+SG2au8vxJKia5/Zi/ZGQKk:wCEB15azttZDgcEST3p4JjrjaJ+SG2a/
Score

1^/10
behavioral5 behavioral6
- Target
  
  Microsoft.Web.WebView2.Wpf.dll
- Size
  
  50KB
- MD5
  
  4a292c5c2abf1aab91dee8eecafe0ab6
- SHA1
  
  369e788108e5fb0608a803fa2e5a06690b4464b5
- SHA256
  
  b628d6133bf57b7482a49aa158e45b078df73ee7d33137ac1336d24ac67ed1b4
- SHA512
  
  ca22adfff9789730e4c02343e320d80b8466cfc5a15f662cefe376b7ee29dea571004c1c26cd3f50c0d24e646f2b36b53fa86835678f46f335d65eec52431cde
- SSDEEP
  
  1536:gpGhWMhWLF9jwKi8LDP/ryEH0GBy4JjrD1aah/UaOzk6hKKa5/Bi/IGCv0Z0T6Cc:taBi8LDP/b0GBy4JjrD1aah/UaOzk6hz
Score

1^/10
behavioral7 behavioral8
- Target
  
  Nezur.dll
- Size
  
  1.7MB
- MD5
  
  2d1cbcbdfda220cea9142f8468be1428
- SHA1
  
  7a433e99397c37ee193559a8d724dec2d7d6ebcd
- SHA256
  
  50a259165d147503f7fe1f4f8ad2bbeed61d874af6d50677df74a6279938c646
- SHA512
  
  94edd031d1ba5d41f2cb3ad9e46b3567efaf9ef094a2faac65ec8bf8a4c5a5dd97cccfc93bf01cd3254927021e390ae3e8f42b84d31846a72e12541e632ecedb
- SSDEEP
  
  49152:3axZthUhOxvimErd9p5H5e2P02xiNcf18/alGZ8:Ijqrd9p5H5e2P0Rib
Score

1^/10
behavioral10 behavioral9
- Target
  
  Nezur.exe
- Size
  
  315KB
- MD5
  
  62ddeb34d900f007dbf3dffa3d37c6a0
- SHA1
  
  69c357dd3aca07a61db8bb78ba0ab70fc88c6d70
- SHA256
  
  2aace00ef40acb91d0131d07838d4ab0d5c4387730eae8a5a74c23806fe17d8a
- SHA512
  
  f5f26c7402c0d38cb61db5ea1e35c28e6bcff946000d401ae9f1281ad61a38251f6b60d7a53b2316d014bb04167b98795aec5a05d0cfbe666fecc49e8f29f54d
- SSDEEP
  
  3072:hiS4omp03WQthI/9S3BZi08iRQ1G78IVn2sbS7cJ68ltre0T5T+aGQ:hiS4ompB9S3BZi0a1G78IVAcUctLThG
Score

1^/10
behavioral11 behavioral12
- Target
  
  Nezur_Interface.dll
- Size
  
  1.1MB
- MD5
  
  93ecc71a1210ab64ba16746a44d89cf8
- SHA1
  
  d12ddf03218332e40a9939ece6e238225262abb5
- SHA256
  
  af1a4bcb352d75cca2eacc8e6d3269234a7b3c27d25cae0283544a456959e022
- SHA512
  
  4fc67e98b35581faefe614edcc9b012213158e1327cf374af3867130a7ca3bc1dfbbfa8ea26af2a05217a6b0bb09d82316e7b4e00cb4b57be9c45668ca1628c9
- SSDEEP
  
  12288:xPWyRv0uhCeMzFxhaSelVJDp2f7K33nQ3WcNoyUQY2g0S9t:QFLaSebJw63QNNoy1YO2
Score

1^/10
behavioral13 behavioral14
- Target
  
  f_000001
- Size
  
  2.4MB
- MD5
  
  605f21359d44327adf8e58c35f2670d5
- SHA1
  
  e755ac6d2fc5b949c0422cbacab3dee3522e494c
- SHA256
  
  273e992b2f3fb4ff72812d6817c28450339b86badf98b08d8810a60b57d58471
- SHA512
  
  c67d092011e0a514acc33b174d1e32229061a6d39a11b43f08f77b90f020b61cda7cc906f89b127b9107e2c804feaa0d4d6c3977ccc354187351313ce67e23a3
- SSDEEP
  
  49152:KsjoaBj6hpnDgp0eXoBB11ddp5LeZxtV91LLsz+/bjzTCcP59eMKpHCxKOqOY0X7:kQV
Score

3^/10

execution
behavioral15 behavioral16
- Target
  
  f_000002
- Size
  
  174KB
- MD5
  
  fd0b5c1ef714afc650ac1a25ec04631f
- SHA1
  
  451f901b2e5d67750f21cc61331e72e04419970a
- SHA256
  
  db02ace4a05402bd30eb529babe92ad28dbb173554f3471ac9e2417dcefb182e
- SHA512
  
  6ab15695bae097ef544adced3d31ba7f13a306adb2bbbaf7329b552773dc21705e1928bef69c7dec4ee2e06d8bc3443a07b2860549526fdb38964f83c3922bf4
- SSDEEP
  
  1536:ddi5eQeGEwCQ1m9JXKmA1xKzyOQJf9F2K7eM9bWXsUK5QSkSoIMQwr+ZjtQYyeTa:DHfd3KmA1yyOQJb2K7ns6dZ/RVaNzH
Score

3^/10

execution
behavioral17 behavioral18
- Target
  
  Nezur_Interface.exe.WebView2/EBWebView/Speech Recognition/1.15.0.1/Microsoft.CognitiveServices.Speech.core.dll
- Size
  
  2.6MB
- MD5
  
  0ee2b50c85a110689352fccfa77b5b18
- SHA1
  
  d9ecc4b12d2d50e3cbce40e75edad804c9988b25
- SHA256
  
  62a13d8459e0992c311dc3551bf3c2d1ce167ea7fa40f0ec62193f3bd760b36e
- SHA512
  
  a4f94a05a69b5ae3a0ecf8bdb7592f698d0df81e2f1fae679f38890ad04a2384883837bc792c73848955ff4af7afed49d38839f7ab174454e61919ed78655bff
- SSDEEP
  
  49152:NodIJ85qaIU7ui8DDR5s8L0Oty8CvFqwsNcrCY2/YUZzQ7L9qhV6O8mOn0k10:gEDRwrcAwDl
Score

1^/10
behavioral19 behavioral20
- Target
  
  Nezur_Interface.exe.WebView2/EBWebView/Subresource Filter/Unindexed Rules/10.34.0.55/adblock_snippet.js
- Size
  
  2KB
- MD5
  
  f5c93c471485f4b9ab45260518c30267
- SHA1
  
  ee6e09fb23b6f3f402e409a2272521fdd7ad89ed
- SHA256
  
  9aa899e0bf660ee8f894b97c28f05db06cc486915953b7f3b2ff9902fa8da690
- SHA512
  
  e50a1baf20db9bc867e85ab72f9976430e87d8516ca552f9342a5c91822c9e1404e4f915042d48d841cca3fb16fd969bf0aa01195791ce29de63c45814fcdcda
Score

3^/10

execution
behavioral21 behavioral22
- Target
  
  Nezur_Interface.exe.WebView2/EBWebView/WidevineCdm/4.10.2830.1/_platform_specific/win_x64/widevinecdm.dll
- Size
  
  18.4MB
- MD5
  
  c1878711d6b7415b3d938da6c4b58e44
- SHA1
  
  153e61050cb6c00a341b23e46030c84eba4088f6
- SHA256
  
  d995bc4bebc34612f026cec2d1fb94e63079aa50e427130f528a047af8e21021
- SHA512
  
  e0d9df10b5739e9a517cbb5615cd99d74e7c8d97ed616a6a9aa374135956b5781b66b2fa9673e160af3241fa382056d28b877955f238156a1fa51ebcae3aacfe
- SSDEEP
  
  393216:tPRzXYeXFyjsrZuvpYl5SJIhw7PJeP9TZHZMaMq0Vrq8G:rFyjs0pYl1hwDJeVT7erq8G
Score

1^/10
behavioral23 behavioral24
- Target
  
  Nezur_Interface.exe.WebView2/EBWebView/component_crx_cache/alpjnmnfbgfkmmpcfpejmmoebdndedno_1.3912AE3B63A3E8EE555D67078FBBDDCC8B8441A2EA309A96030A8239637C1476
- Size
  
  213KB
- MD5
  
  c815e5deac892f68d92c3e136d03fa33
- SHA1
  
  c5282fb4a78344bbeddc89571f11f6da4e0ee402
- SHA256
  
  3912ae3b63a3e8ee555d67078fbbddcc8b8441a2ea309a96030a8239637c1476
- SHA512
  
  9a9a3c1d43103bfc74efbbb53f046a1c7f17a26313467ad100ad0e3fee650acbbd20680254846d5c7ef609dd93c869bfc65278aaa20d1c3bc4555736fa4c00c1
- SSDEEP
  
  6144:KBxj2S7Dx01gqo+kCnTm+dKSiz8HX7LeSv9+xrIqUViyTrauocb9Q:cxj2Soo8083Dv4xrHUrWpci
Score

1^/10
behavioral25 behavioral26
- Target
  
  Nezur_Interface.exe.WebView2/EBWebView/component_crx_cache/eeobbhfgfagbclfofmgbdfoicabjdbkn_1.8BFD50D350D47445B57BB1D61BBDE41CEDA7AC43DC81FCE95BF1AC646D97D2A0
- Size
  
  1KB
- MD5
  
  e15208ff647aea1698bfa7da5287df5e
- SHA1
  
  bc5d6e7d0d71ae1bcac13320ee237ce0adc493f3
- SHA256
  
  8bfd50d350d47445b57bb1d61bbde41ceda7ac43dc81fce95bf1ac646d97d2a0
- SHA512
  
  07e2435f9e609d92daf97b5c6b75a79c9f8c229facd24999a45d954ad2eda130f7b7deeab6403f8518c5bfe2791b9796952c7ee58023488c90165cb1b0d5f47b
Score

1^/10
behavioral27 behavioral28
- Target
  
  Nezur_Interface.exe.WebView2/EBWebView/component_crx_cache/fgbafbciocncjfbbonhocjaohoknlaco_1.142EFD7C68A0EFF43733FFCA7B3B6A95BCAF4DDE63B5F0556A9B69A79BBB7947
- Size
  
  7KB
- MD5
  
  bd113c2446943d82fba96b0a996c5207
- SHA1
  
  ddc7064f08b05fd69683469841974ba81a63f149
- SHA256
  
  142efd7c68a0eff43733ffca7b3b6a95bcaf4dde63b5f0556a9b69a79bbb7947
- SHA512
  
  a69931b66136c9ff4200ee4a014da45dd667944ddf231bffab01ab5971500e0d3fa2d08bde61e2f7632a86c1b3b3e4e9fe9921cc6a95cd6345928f9a2c81b210
- SSDEEP
  
  192:KYArV6u8MziuO9jGSrTOjEe+64q4Q9gXcs6IzORMn3:qvzUh7rSEenH4JMBKwMn3
Score

1^/10
behavioral29 behavioral30
- Target
  
  Nezur_Interface.exe.WebView2/EBWebView/component_crx_cache/fppmbhmldokgmleojlplaaodlkibgikh_1.A81D1959892AE4180554347DF1B97834ABBA2E1A5E6B9AEBA000ECEA26EABECC
- Size
  
  952KB
- MD5
  
  1a9c030cf025d340ff394cd9e5b664f3
- SHA1
  
  c1e8490662903d90de97760cb3102426f2784bd9
- SHA256
  
  a81d1959892ae4180554347df1b97834abba2e1a5e6b9aeba000ecea26eabecc
- SHA512
  
  7a9584c96849b1c8c623119bea4255a628e0f36d3a5f670e9c6a20f84d250fee859751a521322864b1577d7ca3ecdd7ee805c0f35bd7d74ddf43afc9f2abf8cb
- SSDEEP
  
  24576:LwrAaUx3buUhBVQYflCitQKjQKR6kizJqpAGQ7xj8pUvQCg2:LCAH3ZsYflCiuKjgkc7B8mvQC9
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32