f4ca65e152fb782fe1e4b56625f482f87592be42e7bb7f82ce8e438fa31ad97c

Sharing

Copy URL

Twitter E-mail

General

Target

Nezur_Executor.zip
Size

56.1MB
Sample

240930-kw7g1s1cnc
MD5

33ac27bbe302bffd5f19fd0b2f8d1ca5
SHA1

7d9f4008f3173025285bea1a23c4b39a008b5ba7
SHA256

f4ca65e152fb782fe1e4b56625f482f87592be42e7bb7f82ce8e438fa31ad97c
SHA512

eac99ea86ff57069845d0ef603002989d124219409b0c21a54e5e544388eceae13e49276bf91863e248df99a8d70977192b4da0a93f512ede7b498f2fcd84c65
SSDEEP

1572864:h8nuuIIAEdRvy/5jieqqiKoNnnGzB8dD93skNq:h8nu2Jy/5jJFz+dD93LNq

Score

7^/10

Malware Config

Targets

- Target
  
  Microsoft.Web.WebView2.Core.dll
- Size
  
  557KB
- MD5
  
  b037ca44fd19b8eedb6d5b9de3e48469
- SHA1
  
  1f328389c62cf673b3de97e1869c139d2543494e
- SHA256
  
  11e88b2ca921e5c88f64567f11bd83cbc396c10365d40972f3359fcc7965d197
- SHA512
  
  fa89ab3347fd57486cf3064ad164574f70e2c2b77c382785479bfd5ab50caa0881de3c2763a0932feac2faaf09479ef699a04ba202866dc7e92640246ba9598b
- SSDEEP
  
  12288:6CxswUBor35JrpQ322zy+uFKcDoRFNCMmeA+imQ269pRFZNIEJdIEY0lxEIPrEIE:6Cbmv
Score

1^/10
behavioral1 behavioral2
- Target
  
  Microsoft.Web.WebView2.WinForms.dll
- Size
  
  37KB
- MD5
  
  8153423918c8cbf54b44acec01f1d6c2
- SHA1
  
  f0c3c5412b809725e6d4809230adb15cc7d83ad2
- SHA256
  
  5696366f7458da940cc986dc5d3d4549a2368512acd769014ecbb07b47bd88b4
- SHA512
  
  f3dc771e37c71479d332142ec5a9c5c3f39ca71937f595a0f7482ae5aaaafd92e932efc9b0363d4511d547f3c8b2e0497ebbf8356e7d07fc344f4e5715b0ee87
- SSDEEP
  
  768:1sjCEEHJ9l0EeFZ2sxIHzttZDgcEST3p4Jjrjh2jJ+SG2au8vxJKia5/Zi/ZGQKk:wCEB15azttZDgcEST3p4JjrjaJ+SG2a/
Score

1^/10
behavioral3 behavioral4
- Target
  
  Microsoft.Web.WebView2.Wpf.dll
- Size
  
  50KB
- MD5
  
  4a292c5c2abf1aab91dee8eecafe0ab6
- SHA1
  
  369e788108e5fb0608a803fa2e5a06690b4464b5
- SHA256
  
  b628d6133bf57b7482a49aa158e45b078df73ee7d33137ac1336d24ac67ed1b4
- SHA512
  
  ca22adfff9789730e4c02343e320d80b8466cfc5a15f662cefe376b7ee29dea571004c1c26cd3f50c0d24e646f2b36b53fa86835678f46f335d65eec52431cde
- SSDEEP
  
  1536:gpGhWMhWLF9jwKi8LDP/ryEH0GBy4JjrD1aah/UaOzk6hKKa5/Bi/IGCv0Z0T6Cc:taBi8LDP/b0GBy4JjrD1aah/UaOzk6hz
Score

1^/10
behavioral5 behavioral6
- Target
  
  Nezur Executor.exe
- Size
  
  315KB
- MD5
  
  62ddeb34d900f007dbf3dffa3d37c6a0
- SHA1
  
  69c357dd3aca07a61db8bb78ba0ab70fc88c6d70
- SHA256
  
  2aace00ef40acb91d0131d07838d4ab0d5c4387730eae8a5a74c23806fe17d8a
- SHA512
  
  f5f26c7402c0d38cb61db5ea1e35c28e6bcff946000d401ae9f1281ad61a38251f6b60d7a53b2316d014bb04167b98795aec5a05d0cfbe666fecc49e8f29f54d
- SSDEEP
  
  3072:hiS4omp03WQthI/9S3BZi08iRQ1G78IVn2sbS7cJ68ltre0T5T+aGQ:hiS4ompB9S3BZi0a1G78IVAcUctLThG
Score

1^/10
behavioral7 behavioral8
- Target
  
  Nezur.dll
- Size
  
  13.4MB
- MD5
  
  a11b836a0d9542ad11e8365ca38b7a72
- SHA1
  
  41623d4eb0c55e78483b7c4ff61db823100074a1
- SHA256
  
  350d6052da152aca33209aa854ceacbd1a3d92fbaccbf06449569f7c22dacaeb
- SHA512
  
  a7d0ccabdb914b752ef4b9c6dbd3977f7aacf6dc37898d424a146fb47fe84af2bd794629b2a787590f7c6c7605c52f7bdfeaf905294e14e0388a18890d800ee8
- SSDEEP
  
  393216:+1BqES3Fx3ZHp6gXT8X21lSbb1A2sPYJ5Ydacjyr:EwbHZ7XTYb5A2lYdaRr
Score

7^/10

themida
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral10 behavioral9
- Target
  
  Nezur_Interface.dll
- Size
  
  1.1MB
- MD5
  
  93ecc71a1210ab64ba16746a44d89cf8
- SHA1
  
  d12ddf03218332e40a9939ece6e238225262abb5
- SHA256
  
  af1a4bcb352d75cca2eacc8e6d3269234a7b3c27d25cae0283544a456959e022
- SHA512
  
  4fc67e98b35581faefe614edcc9b012213158e1327cf374af3867130a7ca3bc1dfbbfa8ea26af2a05217a6b0bb09d82316e7b4e00cb4b57be9c45668ca1628c9
- SSDEEP
  
  12288:xPWyRv0uhCeMzFxhaSelVJDp2f7K33nQ3WcNoyUQY2g0S9t:QFLaSebJw63QNNoy1YO2
Score

1^/10
behavioral11 behavioral12
- Target
  
  f_000001
- Size
  
  2.4MB
- MD5
  
  605f21359d44327adf8e58c35f2670d5
- SHA1
  
  e755ac6d2fc5b949c0422cbacab3dee3522e494c
- SHA256
  
  273e992b2f3fb4ff72812d6817c28450339b86badf98b08d8810a60b57d58471
- SHA512
  
  c67d092011e0a514acc33b174d1e32229061a6d39a11b43f08f77b90f020b61cda7cc906f89b127b9107e2c804feaa0d4d6c3977ccc354187351313ce67e23a3
- SSDEEP
  
  49152:KsjoaBj6hpnDgp0eXoBB11ddp5LeZxtV91LLsz+/bjzTCcP59eMKpHCxKOqOY0X7:kQV
Score

3^/10

execution
behavioral13 behavioral14
- Target
  
  f_000002
- Size
  
  174KB
- MD5
  
  fd0b5c1ef714afc650ac1a25ec04631f
- SHA1
  
  451f901b2e5d67750f21cc61331e72e04419970a
- SHA256
  
  db02ace4a05402bd30eb529babe92ad28dbb173554f3471ac9e2417dcefb182e
- SHA512
  
  6ab15695bae097ef544adced3d31ba7f13a306adb2bbbaf7329b552773dc21705e1928bef69c7dec4ee2e06d8bc3443a07b2860549526fdb38964f83c3922bf4
- SSDEEP
  
  1536:ddi5eQeGEwCQ1m9JXKmA1xKzyOQJf9F2K7eM9bWXsUK5QSkSoIMQwr+ZjtQYyeTa:DHfd3KmA1yyOQJb2K7ns6dZ/RVaNzH
Score

3^/10

execution
behavioral15 behavioral16
- Target
  
  Nezur_Interface.exe.WebView2/EBWebView/Speech Recognition/1.15.0.1/Microsoft.CognitiveServices.Speech.core.dll
- Size
  
  2.6MB
- MD5
  
  0ee2b50c85a110689352fccfa77b5b18
- SHA1
  
  d9ecc4b12d2d50e3cbce40e75edad804c9988b25
- SHA256
  
  62a13d8459e0992c311dc3551bf3c2d1ce167ea7fa40f0ec62193f3bd760b36e
- SHA512
  
  a4f94a05a69b5ae3a0ecf8bdb7592f698d0df81e2f1fae679f38890ad04a2384883837bc792c73848955ff4af7afed49d38839f7ab174454e61919ed78655bff
- SSDEEP
  
  49152:NodIJ85qaIU7ui8DDR5s8L0Oty8CvFqwsNcrCY2/YUZzQ7L9qhV6O8mOn0k10:gEDRwrcAwDl
Score

1^/10
behavioral17 behavioral18
- Target
  
  Nezur_Interface.exe.WebView2/EBWebView/Subresource Filter/Unindexed Rules/10.34.0.55/adblock_snippet.js
- Size
  
  2KB
- MD5
  
  f5c93c471485f4b9ab45260518c30267
- SHA1
  
  ee6e09fb23b6f3f402e409a2272521fdd7ad89ed
- SHA256
  
  9aa899e0bf660ee8f894b97c28f05db06cc486915953b7f3b2ff9902fa8da690
- SHA512
  
  e50a1baf20db9bc867e85ab72f9976430e87d8516ca552f9342a5c91822c9e1404e4f915042d48d841cca3fb16fd969bf0aa01195791ce29de63c45814fcdcda
Score

3^/10

execution
behavioral19 behavioral20
- Target
  
  Nezur_Interface.exe.WebView2/EBWebView/WidevineCdm/4.10.2830.1/_platform_specific/win_x64/widevinecdm.dll
- Size
  
  18.4MB
- MD5
  
  c1878711d6b7415b3d938da6c4b58e44
- SHA1
  
  153e61050cb6c00a341b23e46030c84eba4088f6
- SHA256
  
  d995bc4bebc34612f026cec2d1fb94e63079aa50e427130f528a047af8e21021
- SHA512
  
  e0d9df10b5739e9a517cbb5615cd99d74e7c8d97ed616a6a9aa374135956b5781b66b2fa9673e160af3241fa382056d28b877955f238156a1fa51ebcae3aacfe
- SSDEEP
  
  393216:tPRzXYeXFyjsrZuvpYl5SJIhw7PJeP9TZHZMaMq0Vrq8G:rFyjs0pYl1hwDJeVT7erq8G
Score

1^/10
behavioral21 behavioral22
- Target
  
  Microsoft.CognitiveServices.Speech.core.dll
- Size
  
  2.6MB
- MD5
  
  0ee2b50c85a110689352fccfa77b5b18
- SHA1
  
  d9ecc4b12d2d50e3cbce40e75edad804c9988b25
- SHA256
  
  62a13d8459e0992c311dc3551bf3c2d1ce167ea7fa40f0ec62193f3bd760b36e
- SHA512
  
  a4f94a05a69b5ae3a0ecf8bdb7592f698d0df81e2f1fae679f38890ad04a2384883837bc792c73848955ff4af7afed49d38839f7ab174454e61919ed78655bff
- SSDEEP
  
  49152:NodIJ85qaIU7ui8DDR5s8L0Oty8CvFqwsNcrCY2/YUZzQ7L9qhV6O8mOn0k10:gEDRwrcAwDl
Score

1^/10
behavioral23 behavioral24
- Target
  
  runtimes/win-arm64/native/WebView2Loader.dll
- Size
  
  136KB
- MD5
  
  8f2648cd543236ef1b4856715731e069
- SHA1
  
  c269e906556c160201fe229b9f6f3dde26888ac4
- SHA256
  
  77152af4472dc7741901ba69ce3a670992546eb2f5eda3db7fee135ee0037de0
- SHA512
  
  26bd06330e690dc73534ec2c54cd75149c0e96cbcfb34b9012532223db51d98b37b8b5c507d8d1a9b3829ea49493981d79cc1e5aaaa5b0d4b796a72f4420f2cc
- SSDEEP
  
  3072:VgpD1l8o58rpoJbMPN6OSBTj0zEtJW6hGo3:aphl8omrhlzEtJNhn
Score

1^/10
behavioral25 behavioral26
- Target
  
  runtimes/win-x64/native/WebView2Loader.dll
- Size
  
  161KB
- MD5
  
  c5f0c46e91f354c58ecec864614157d7
- SHA1
  
  cb6f85c0b716b4fc3810deb3eb9053beb07e803c
- SHA256
  
  465a7ddfb3a0da4c3965daf2ad6ac7548513f42329b58aebc337311c10ea0a6f
- SHA512
  
  287756078aa08130907bd8601b957e9e006cef9f5c6765df25cfaa64ddd0fff7d92ffa11f10a00a4028687f3220efda8c64008dbcf205bedae5da296e3896e91
- SSDEEP
  
  3072:7evoTTlTRTyiuPThTNTKm81SbbMYSPLNsknZiZ2HZ5AaliiT88FEtJ57dXSvlCW:HTlTRTyiuPThTNTKmFQdhsknZiMHfEti
Score

1^/10
behavioral27
- Target
  
  runtimes/win-x86/native/WebView2Loader.dll
- Size
  
  113KB
- MD5
  
  9d7744e15bb8e3d005079b18979c8544
- SHA1
  
  7b326c96e5f3f6baaf6e9390b119a4ffb3df2c64
- SHA256
  
  cc2f661aac9c05646933f717e629a69be93d8d06803066289d6dc1105aac6cd2
- SHA512
  
  732fd17714ec5ef0afd8f17d06adc895e93bea4585b6b1dabcf95c3fbe808e7b31a19c13cccfac0b30cd425cf96926749a0373a861f55fa8db442430803f4a25
- SSDEEP
  
  3072:rJ7FfqJR70vRq2KVsCKKa/gqeNZ/TvxEtJlAlp8Ugr4fm9IxK:r7fqJRQY0RKD5EtJeTMr2mV
Score

3^/10

discovery
behavioral28

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Themida packer

Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28