06f3ab8955927af8728f1e98dcdc774ee152d436b6515b392a96e493b8a2beb7 | Triage

Sharing

General

Target

Nezur_Executor.zip
Size

16.7MB
Sample

241009-24s32a1bja
MD5

42c278cad8f9034244fb875ca15cc8a7
SHA1

3d083068b92bad91a9f897495e1422c7f4abafc3
SHA256

06f3ab8955927af8728f1e98dcdc774ee152d436b6515b392a96e493b8a2beb7
SHA512

40a7a7876c565c105febeda16820399d15974853d8dc54440d000f3f3ba44d64076c3a024b97f6949521a0a3087883fce1fcb6598d2aaeecb0de41bd8d0da826
SSDEEP

393216:LTZ826XbggENmCbLf3Xw/FDc/a25P7GbByjH3EU8D:Pq26rggymCff3GIa2F6EjH3UD

Score

7^/10

discovery themida

Malware Config

Targets

- Target
  
  Nezur.dll
- Size
  
  13.4MB
- MD5
  
  a5d579cabaac45d8b7fbbdc63ba44c4c
- SHA1
  
  075566994c7e19f9f8c468e1d992c3346cef4e3a
- SHA256
  
  6d3a684abbe16b9885b095c176c6472375d461b000275008aa7c1f62125b6357
- SHA512
  
  f84571595634488905410b275e62c099d328a9c86f845efb12f0c534699a59443c27597da9de79b9d1ae4d63620106f2807c1ac0771f8ceca892b96579c43ca5
- SSDEEP
  
  196608:MA9vTh99AhyXew/d8uCytSBhx3G7KLdTZkIJkGn9+freSsILX4R:MARahyX7/iLygtFzNHypRXM
Score

7^/10

themida
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1
- Target
  
  Nezur_Interface.exe
- Size
  
  7.3MB
- MD5
  
  c9af7e2001b94e2001a5570d3fad260d
- SHA1
  
  63b400a16358e589e6bb43757c84f0cdee597b7d
- SHA256
  
  b75d3cc9cdd39a2c4811f871efb47f528222fe49a7dc923a82d1ee10ceccdfcd
- SHA512
  
  b3c012666476cad91a0baddbc2f568633aeb0abc9331ff81473bb52e1c9aac1cfeb50bf90f843d290eda19bd3aac73a29f9ce6478d33e3acd2c353a8adad995a
- SSDEEP
  
  98304:P4QuiXvqdeO4pbZVj9JPgBzjYz067yqu/mnFQOi33nFbO4KSgPTPgS8NAvKBUuY2:ARiSZO9S2fasv+BptT
Score

6^/10

discovery
- Legitimate hosting services abused for malware hosting/C2
behavioral2
- Target
  
  WebView2Loader.dll
- Size
  
  161KB
- MD5
  
  3fac859547077abafe806ff1e4709f47
- SHA1
  
  0366df220c5d224ee64a42c929574407d2e6d2c9
- SHA256
  
  f4d811cda483adb33220c5a856c5ec8dca3a095fde54b44f08e1279a6a5efd33
- SHA512
  
  9b7b7aabf6bdc11dfd74430336e02d7d2b96b6bbf352f1e2d158a4900bead364900820af56cf9af25366ff5704e2ffcc2458d45dc3efe00ebd0843d127ab7435
- SSDEEP
  
  3072:JX1/Z3TlTRTFOYfThTNTvDbS2bT4wdovPEKdIMsb1Z5AalipT3YEtJ5+PON2Yo:JDTlTRTFOYfThTNTvDhvZkPEKdI7pxEG
Score

1^/10
behavioral3

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3