nightingale | 3cbfe1e9bba7469a3fd606dcf77b047570f4b9a37c02b055f2ab0416773424b4

Analysis

max time kernel
150s
max time network
123s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
29-10-2024 19:33

Target

3cbfe1e9bba7469a3fd606dcf77b047570f4b9a37c02b055f2ab0416773424b4.exe
Size

169KB
MD5

fc505b7730fbbdead6d352aba01d6a18
SHA1

aa28e00c57c2a9a8638c777bb90f1f1528d359bb
SHA256

3cbfe1e9bba7469a3fd606dcf77b047570f4b9a37c02b055f2ab0416773424b4
SHA512

7a61ec10f25cd40fe7c596d4afc1adfdf8497a5595768891372de12f9a44b176ecaa59cd84046e46d1277d30701d1bc68e8f8ed3606bcc535967764a7c1ae14d
SSDEEP

3072:EkMXuXhNC38S7gzQ/cqD4UT6R27Xrcrc0D83SOYrbnBI5a36rERRQSIpiJrenYPG:ayzQ/4WXwrJn9rbnBbLRRQSIpiJrenYe

Score

10^/10

Family

nightingale

https://api.telegram.org/bot6884699661:AAGPbkqESYn7iH7c6q7YuTlciwwO2tHQev0/sendDocument

Nightingale family
nightingale
Nightingale stealer
Nightingale stealer is an information stealer written in C#.
stealer nightingale

Modifies registry class 5 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000_CLASSES\ms-settings\shell\open\command	3cbfe1e9bba7469a3fd606dcf77b047570f4b9a37c02b055f2ab0416773424b4.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000_CLASSES\ms-settings	3cbfe1e9bba7469a3fd606dcf77b047570f4b9a37c02b055f2ab0416773424b4.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000_CLASSES\ms-settings\shell	3cbfe1e9bba7469a3fd606dcf77b047570f4b9a37c02b055f2ab0416773424b4.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000_CLASSES\ms-settings\shell\open	3cbfe1e9bba7469a3fd606dcf77b047570f4b9a37c02b055f2ab0416773424b4.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000_CLASSES\ms-settings\shell\open\command\	3cbfe1e9bba7469a3fd606dcf77b047570f4b9a37c02b055f2ab0416773424b4.exe

C:\Users\Admin\AppData\Local\Temp\3cbfe1e9bba7469a3fd606dcf77b047570f4b9a37c02b055f2ab0416773424b4.exe
"C:\Users\Admin\AppData\Local\Temp\3cbfe1e9bba7469a3fd606dcf77b047570f4b9a37c02b055f2ab0416773424b4.exe"
1⤵
- Modifies registry class
PID:3032

memory/3032-0-0x000007FEF60D3000-0x000007FEF60D4000-memory.dmp

Filesize
4KB

Download
memory/3032-1-0x0000000000250000-0x0000000000280000-memory.dmp

Filesize
192KB

Download
memory/3032-2-0x000007FEF60D0000-0x000007FEF6ABC000-memory.dmp

Filesize
9.9MB

Download
memory/3032-3-0x000007FEF60D3000-0x000007FEF60D4000-memory.dmp

Filesize
4KB

Download
memory/3032-4-0x000007FEF60D0000-0x000007FEF6ABC000-memory.dmp

Filesize
9.9MB

Download