General
Target: NocturneLoader.bin
Size: 607KB
Sample: 241007-wwl2vs1cnr
MD5: 4a5b7c6a9592dd295c6c23c6b17eae92
SHA1: 538654fa1a9453483ab2d051fad9dfe38cfa2b3e
SHA256: 4c3fad8ea837861fe54356ad6e7e40cce2fe305b9cb323f07d8802c93a440b70
SHA512: 47144a0eac75fb8a4653644441c8f3805e98cf82e681e89288603497ca44b2a43e1c3e794171113bd8744bc712cef31578f0e4f8e54ac029f9613531820ec248
SSDEEP: 12288:Cs13XpHNz+8cbkAklsOnb7Ev812q94GEwX/E+:b3XbzzculsObQva91DX8
Static task: static1
Behavioral task: behavioral1
Sample: NocturneLoader.exe
Resource: win10-20240404-en
Malware Config
Targets
Target: NocturneLoader.bin (607KB; same sample and hashes as listed under General)
- Modifies WinLogon for persistence
- Deletes shadow copies (ransomware often targets backup files to inhibit system recovery)
- Disables Task Manager via registry modification
- Event Triggered Execution: Image File Execution Options Injection
- Modifies Windows Firewall
- Possible privilege escalation attempt
- Modifies file permissions
- Modifies system executable filetype association
- File and Directory Permissions Modification: Windows File and Directory Permissions Modification
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
- Sets desktop wallpaper using registry
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Winlogon Helper DLL (1)
- Create or Modify System Process (1)
  - Windows Service (1)
- Event Triggered Execution (3)
  - Change Default File Association (1)
  - Image File Execution Options Injection (1)
  - Netsh Helper DLL (1)
Privilege Escalation
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Boot or Logon Autostart Execution (1)
  - Winlogon Helper DLL (1)
- Create or Modify System Process (1)
  - Windows Service (1)
- Event Triggered Execution (3)
  - Change Default File Association (1)
  - Image File Execution Options Injection (1)
  - Netsh Helper DLL (1)
Defense Evasion
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Direct Volume Access (1)
- File and Directory Permissions Modification (2)
  - Windows File and Directory Permissions Modification (1)
- Impair Defenses (2)
  - Disable or Modify System Firewall (1)
  - Disable or Modify Tools (1)
- Indicator Removal (2)
  - File Deletion (2)
- Modify Registry (5)