General
Target: NurikCrack.rar
Size: 16.0MB
Sample: 240923-lzvs3athjr
MD5: a76b10ae673b2d46ec76884c6a7bf8cb
SHA1: 60bdb08a782829647c3a31499d8e544cfb2a6000
SHA256: 99596eeef37785562b8b1208dbaa6e7e2d9e83056becb43d0b31f01216888fc0
SHA512: 0f62bebdc9653b73d21e24295a424844454671fd5b145bb9ca8be7a1c58533b27a5ffdcaace289703beb5ed4b93c281ad399532c22a9a39ca785e7499281c7fd
SSDEEP: 393216:/X743M9uTX4vu2SHh7aoKa3HNaSTlG7CFlc77UPcftSEpN/2a:f7YMcTX4Wh7Vh9PTl5lqKc1VpF2a
Behavioral task: behavioral1
Sample: NurikCrack/nurik/Nursultan.exe
Resource: win10v2004-20240802-en

Behavioral task: behavioral2
Sample: NurikCrack/nurik/Nursultan.exe
Resource: win11-20240802-en

Behavioral task: behavioral3
Sample: NurikCrack/nurik/NursultanInstall.exe
Resource: win10v2004-20240802-en

Behavioral task: behavioral4
Sample: NurikCrack/nurik/NursultanInstall.exe
Resource: win11-20240802-en
Malware Config
Extracted
44caliber
https://discord.com/api/webhooks/1255267341017550858/gDHwLRcJ5Z6vxkhOt8ckW-l8jpv2WEDTg_SHcL4h0K-yY_7I4qbWTz88XckD4XUGvzOw
Targets

Target: NurikCrack/nurik/Nursultan.exe
Size: 17.9MB
MD5: e504e3fc36fe4d6f182c98923979a779
SHA1: 3ba9f1a9a15b79639a20cfcf79c9de31d15a17a6
SHA256: 70b7b95bb952b3325476867307fc5bd4df5769b97bbcdd8b60e7b46e1b38e4a0
SHA512: 63bbbc3ccf14b2846df64b8edae52b6431df52aa9e03569a28ca239ab02db94bf79ca8a0a30529e35a04ee5845768d752b99e6ce3830ab440c57850180ad1647
SSDEEP: 393216:2UO/6SzixEgHKOvKjOnfrBafMIsEIjt7H:2Um6tFKOCjQAEAIx7H
Score: 1/10

Target: NurikCrack/nurik/NursultanInstall.exe
Size: 303KB
MD5: face0aff265464e545a9073824a5874d
SHA1: 04a59c0f10af4e1febaef3a70924d45df8834f4c
SHA256: 2fb096a7b9847060f61b8f936b5462fdc60d37b2bc1e9bb1bf03e828e92cdf48
SHA512: 9409ecd708da4f57b133546e1ace6aa78e99fa98de58c8e70608a7c138f7d1a0cd370d062714c68f36f441d9e9212c3e7898c6bf5df8c44b02270ba798c038e8
SSDEEP: 6144:y/2T6MDdbICydeBoKEG4pSJfNtvurxmI1D0Po+:y/8bEG4p6fIb1DJ+
Score: 10/10
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious access to or copy of the web browser credential store.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.