Overview

overview

10

Static

static

10

injector nova.exe

windows7-x64

7

injector nova.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    injector nova.exe

  • Size

    7.6MB

  • Sample

    241029-ycqxtayfmj

  • MD5

    cebf49e54d37132a17f613eee8b7a8fb

  • SHA1

    597eb7b2408b85182f2b40cdb83852605bd2e841

  • SHA256

    205c84f75b64218d83eda868f4118722c7f2b7f97dcbc9bf35bed2947cf9ba2b

  • SHA512

    8f0d12d8cdf4a977c5a3407aa3faa26c73a5bc9a42f4ff175e8808876eaf16a2b9fec89c6c9334fcb275203c90fc3b0e10a236c8b4a3e9729d64ae48a9614eb1

  • SSDEEP

    196608:Xu+YS6x0MOshoKMuIkhVastRL5Di3ue1D730I:VYSU0MOshouIkPftRL54fREI

Score
10/10
blankgrabberdiscoveryexecutionupx

Malware Config

Targets

    • Target

      injector nova.exe

    • Size

      7.6MB

    • MD5

      cebf49e54d37132a17f613eee8b7a8fb

    • SHA1

      597eb7b2408b85182f2b40cdb83852605bd2e841

    • SHA256

      205c84f75b64218d83eda868f4118722c7f2b7f97dcbc9bf35bed2947cf9ba2b

    • SHA512

      8f0d12d8cdf4a977c5a3407aa3faa26c73a5bc9a42f4ff175e8808876eaf16a2b9fec89c6c9334fcb275203c90fc3b0e10a236c8b4a3e9729d64ae48a9614eb1

    • SSDEEP

      196608:Xu+YS6x0MOshoKMuIkhVastRL5Di3ue1D730I:VYSU0MOshouIkPftRL54fREI

    Score
    8/10
    upxdiscoveryexecution

    • Command and Scripting Interpreter: PowerShell

      Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

      execution

    • Executes dropped EXE

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Enumerates processes with tasklist

      discovery

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks