General

  • Target

    Nezur.zip

  • Size

    460KB

  • Sample

    240913-fppw6swajr

  • MD5

    291dd685dd75efefce8e6f5acf073e02

  • SHA1

    7f22a5c24a99e4fa9d1e70d9dfc846ba186e8cb4

  • SHA256

    f173df317a0168b9306f6167ac00bffafa15ee10a820b22f1ce0a2411a087cd2

  • SHA512

    af04fcd1ef61b31f889cf970cc00f801324f8035564becb9d4bd7e5939e13ba5baba8ce8de8586e4982655fab863fddfc20f4f69b54618a338687bcd5fdd42e3

  • SSDEEP

    12288:K9IGHPJx0MLpjEvpbZZHz7L5WLf8cdH2VczYT:K9DHPn1EDf5Wb8cdH2GzYT

Score
6/10

Targets

    • Target

      Nezur.zip

    Score
    3/10

    • Target

      Launcher.bat

    • Size

      724B

    • MD5

      9edcc8710e562b5daeed73acaa17e2fd

    • SHA1

      a3d7d0a26c3a058ff0b3a25c64d43397f1823d95

    • SHA256

      f1ed443faa01092320e04e0231327bd59c6df7344ad0f46ca4885d28aa2afd60

    • SHA512

      312fec45d3897ecc67285694a73d4fc7ef044b6f3aa1e6a9d5a8cee0b1b70204396b43fe014a4680c539427c070f199ff91f151fbdc2ae8e0d97f1b3fca3cb4a

    Score
    6/10
    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Target

      conf

    • Size

      156KB

    • MD5

      bdec530c93a6d9dea9fb4ea147f1f44c

    • SHA1

      c027d59a30392fcc0be410cb921352360bb08f7b

    • SHA256

      4464be92e1a9c00e808fe6913afe721743e3e5f7693edb944499e3700ea6a308

    • SHA512

      4042aeb8391a61b20f3c9d7581a098e333265583f00f80b70d56a0344c37a60d8c32bd0b9816d499ab27a0aa406e7a3ed3a4a7f87189d8c030de6dc4bfdc773c

    • SSDEEP

      3072:p43rMpuwyY7tqkLl+UW22qluZwtGXYUfacYY63/KeBGI4Co:pirMpuwyY5qigqQatmYUfv63/sOo

    Score
    1/10

    • Target

      lua51.dll

    • Size

      592KB

    • MD5

      3dff7448b43fcfb4dc65e0040b0ffb88

    • SHA1

      583cdab08519d99f49234965ffd07688ccf52c56

    • SHA256

      ff976f6e965e3793e278fa9bf5e80b9b226a0b3932b9da764bffc8e41e6cdb60

    • SHA512

      cdcbe0ec9ddd6b605161e3c30ce3de721f1333fce85985e88928086b1578435dc67373c3dc3492ed8eae0d63987cac633aa4099b205989dcbb91cbbfc8f6a394

    • SSDEEP

      12288:rs7/mj/73RaLHIW5BmUeUhoE4RgiF1q1bPIBKsg4Db0S:rc/u/7IoRnUKfq1Dl4DY

    Score
    3/10

    • Target

      luajit.exe

    • Size

      89KB

    • MD5

      dd98a43cb27efd5bcc29efb23fdd6ca5

    • SHA1

      38f621f3f0df5764938015b56ecfa54948dde8f5

    • SHA256

      1cf20b8449ea84c684822a5e8ab3672213072db8267061537d1ce4ec2c30c42a

    • SHA512

      871a2079892b1eb54cb761aebd500ac8da96489c3071c32a3dab00200f74f4e12b9ab6c62623c53aea5b8be3fc031fb1b3e628ffe15d73323d917083240742b0

    • SSDEEP

      1536:Ee7h7q/J6K3nHC+AGUob2f0DBFPbPWNPWp350NHcHkDsWqxcd2ZPSAv:Ee7oU8HC+AGUu2abPbPWQpO8E0A2tSAv

    Score
    3/10
