General

  • Target: nezur setup.rar

  • Size: 135.3MB

  • Sample: 241007-e3xy9szdje

  • MD5: 59d465a4617b1ab5e2133505ca0620a9

  • SHA1: 780d92f923ddeb4a58d1e42deeddbe3a46eba6cc

  • SHA256: 2a0419ab49b11246123e0303f642e9bcd9f6818075934b9fc760bbaed1033548

  • SHA512: 18ef2a3bd4919deb1a6439a1dc9cb2a49e81af3d27bbaf52d8e881c5a8f9efb15e375a092e4a5471b9fd3fea4979a6a9ad2e369361ef07dba7b21a72cf288c20

  • SSDEEP: 3145728:WC6xfThwJDA8X83qVEajeheRr8XATLULrpY1XAkSpbvDsdMlgUZs0k/HpAaxJsEc:iDMYqVnjbBT4Lr42pb7salZ820sRuO

Malware Config

Targets

    • Target: nezur_launcher.exe

    • Size: 77.3MB

    • MD5: f9baa9d8cbea602744c3d630baf9ea10

    • SHA1: f1c9c49d4ea029f818394c3dae125d7905194534

    • SHA256: 516977a96ff20728424c0a44a33b13c924518ab752f5c0624fcb288d7df4fa15

    • SHA512: 12bc821b02feab617aeac68b05dc6565036e28ebba1565865ea8f2c59d86fb8c63721464579bd7ca833427816ec9c3e7256632734f00f32b043ebb4205374052

    • SSDEEP: 1572864:9kYIeQqMrlpA+Ql4/+AxTivfSffvb6qT/73V:93IeyklM+Axenwb6w3V

    Score: 7/10

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target: setup.exe

    • Size: 81.2MB

    • MD5: 4647b717df2487fcd105e1b1214845a3

    • SHA1: 545df60ead76a1e9b17f0a925a522e51fbf5512b

    • SHA256: 4f9d51802ea502245d9f01fc1c99f9ca1c40e744e78fc4dbb80444d0d67d545e

    • SHA512: 93905c0c609d5b7e5b9551151043e38e27797857c4d10de3cb5f420772be36346c6d155fd6a56386802a4dbfb92a1ca9a90f4cb066ae6f9747c46e11f15142a6

    • SSDEEP: 1572864:RGY9lTW388Sk8IpG7V+VPhqO+64E7QliqiiYgj+h58sMw6e8bD4cJXx:RF9dk88SkB05awO+6iwP5+eSXx

    • Enumerates VirtualBox DLL files

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Sets file to hidden

      Modifies file attributes to stop the file from showing in Explorer, etc.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks