Resubmissions

07-10-2024 18:32

241007-w6nnfavfja 8

07-10-2024 18:22

241007-w1dahs1djm 6

07-10-2024 18:16

241007-wwl2vs1cnr 10

General

  • Target: NocturneLoader.bin

  • Size: 607KB

  • Sample: 241007-wwl2vs1cnr

  • MD5: 4a5b7c6a9592dd295c6c23c6b17eae92

  • SHA1: 538654fa1a9453483ab2d051fad9dfe38cfa2b3e

  • SHA256: 4c3fad8ea837861fe54356ad6e7e40cce2fe305b9cb323f07d8802c93a440b70

  • SHA512: 47144a0eac75fb8a4653644441c8f3805e98cf82e681e89288603497ca44b2a43e1c3e794171113bd8744bc712cef31578f0e4f8e54ac029f9613531820ec248

  • SSDEEP: 12288:Cs13XpHNz+8cbkAklsOnb7Ev812q94GEwX/E+:b3XbzzculsObQva91DX8

Malware Config

Targets

    • Modifies WinLogon for persistence

    • UAC bypass

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • Disables Task Manager via registry modification

    • Event Triggered Execution: Image File Execution Options Injection

    • Modifies Windows Firewall

    • Possible privilege escalation attempt

    • Modifies file permissions

    • Modifies system executable filetype association

    • File and Directory Permissions Modification: Windows File and Directory Permissions Modification

    • Legitimate hosting services abused for malware hosting/C2

    • Drops file in System32 directory

    • Sets desktop wallpaper using registry

MITRE ATT&CK Enterprise v15

Tasks