General
Target: Nightlight-v.1.6.zip
Size: 34.0MB
Sample: 241101-tx5t9atqcr
MD5: 3be558bc5eec26670a00303ae63af6dc
SHA1: b06795688d2552516c7c47c9fca8e84ab08db46b
SHA256: 325420b49220c37a246835f3696672b280de383baf49a7d790c2bbfeae6a3923
SHA512: 3ad04f698f7d426669e992e74fd31525d8c6ede1093637a1d6fec73ef4c0ef7c1b5b2ca96f4f8bd0d4199e09dc515d3d1d7ef2662ca9beb0971bfa83025694d6
SSDEEP: 786432:f2juf4wsijiSLfvNqOqJISVq2S91BRrK2eCEijVI6JdgEkGaN4z:fGuf46ZLnNqHJISlS9heCEMiA5kRSz
Static task
static1

Behavioral tasks
- behavioral1: Sample Nightlight-v.1.6/modules/modulefix.bat, Resource win7-20240903-en
- behavioral2: Sample Nightlight-v.1.6/modules/modulefix.bat, Resource win10v2004-20241007-en
- behavioral3: Sample Nightlight-v.1.6/nightlight.exe, Resource win7-20241010-en
- behavioral4: Sample Nightlight-v.1.6/nightlight.exe, Resource win10v2004-20241007-en
- behavioral5: Sample Nightlight-v.1.6/setup.bat, Resource win7-20240903-en
- behavioral6: Sample Nightlight-v.1.6/setup.bat, Resource win10v2004-20241007-en
Malware Config

Targets

Target: Nightlight-v.1.6/modules/modulefix.bat
Size: 376B
MD5: 0ff16789940e42898ccaf049525be407
SHA1: d2cac0298cdfb1cc4c64bca6278a1d908115ffc2
SHA256: 485e1615d563d6d6abdc7b619a2da7f93a721827820cf3eae444f646d7d84a16
SHA512: 81dfb7c55e9cb1093b91935d95a6c04486626e21cb292faf497a8f769ba438a5ed41c4ce197caa260b1a4e14ef6cdc1bd70fd25d5dd4a7c75a46dd7ef0cd724a
Score: 1/10
Target: Nightlight-v.1.6/nightlight.exe
Size: 33.7MB
MD5: a7769797c72b2fc4e620073505acbd2e
SHA1: 6cadf4dc73da9edeaea5c28fe3ce7adf758953f4
SHA256: 816a5fd7a87c93dec2527139e8ed60f3fb108a3cff6cf8df9d2ddd13886a7b4a
SHA512: f7ff7d6f184f875fd8e28e01ffc3055c1eec22544255f945e588278f619cdcdd59beeecd9de53144e3819c63f277b5f1b1c2d169b5ab1d29c0bdd3be0bef3992
SSDEEP: 786432:4f9AOQN72Q1JbTiumfSfz+EvbJESWqEp+0/pW/UyTov:4VAOQNR1xTivfSffvb6qrSaU4ov
Signatures:
- Drops startup file
- Loads dropped DLL
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Hide Artifacts: Hidden Files and Directories
Target: Nightlight-v.1.6/setup.bat
Size: 647B
MD5: 0f1b9bc2ec9b838a4b470ee1a2e5cfb7
SHA1: cdf553be5a5cd1277e0b92c148adb4bf208d5bea
SHA256: 0818d2ab5319ac9a0e30bc62092b872a3b2a233414b11316f3ad6913471482e6
SHA512: 4658c9595a763032b335e3a813a488a252e293a00e3a84c60264d1b162b716b6f68ac332cd74e95d8551406a5712a70201691131c838e2ce3cb50ec8dd5f1902
Score: 1/10
MITRE ATT&CK Enterprise v15
Credential Access
- Credentials from Password Stores (1)
  - Credentials from Web Browsers (1)
- Unsecured Credentials (3)
  - Credentials In Files (3)