General

  • Target

    NeptuneX.exe

  • Size

    17.6MB

  • Sample

    241009-2v9dnawdqj

  • MD5

    28ef60e9439a876efdf5134309fb0b71

  • SHA1

    e3926f0e779a2f79dd097b035fb307eac499dff3

  • SHA256

    a1041a0a624b7289c8213ccab0e9289e97ce539b026945d2dec1fb3a7c7339ac

  • SHA512

    a0974b483c41235e38093bd1334a6521847c181a2aa9eb002fbea81579690b9b07d4558ed4ce003b051e62c6acc36bc9822d62625027a4d56d9b0ae5c4a65dcc

  • SSDEEP

    393216:xEkZQTL01+l+uq+VvUdQuslSl99oWOv+9rzgMNx2Z:xhQf01+l+uqgvUdQu9DorvSrMMy

Malware Config

Targets

    • Target

      NeptuneX.exe

    • Drops startup file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks