General

  • Target

    Nightlight-v.1.6.zip

  • Size

    34.0MB

  • Sample

    241101-tx5t9atqcr

  • MD5

    3be558bc5eec26670a00303ae63af6dc

  • SHA1

    b06795688d2552516c7c47c9fca8e84ab08db46b

  • SHA256

    325420b49220c37a246835f3696672b280de383baf49a7d790c2bbfeae6a3923

  • SHA512

    3ad04f698f7d426669e992e74fd31525d8c6ede1093637a1d6fec73ef4c0ef7c1b5b2ca96f4f8bd0d4199e09dc515d3d1d7ef2662ca9beb0971bfa83025694d6

  • SSDEEP

    786432:f2juf4wsijiSLfvNqOqJISVq2S91BRrK2eCEijVI6JdgEkGaN4z:fGuf46ZLnNqHJISlS9heCEMiA5kRSz

Malware Config

Targets

    • Target

      Nightlight-v.1.6/modules/modulefix.bat

    • Size

      376B

    • MD5

      0ff16789940e42898ccaf049525be407

    • SHA1

      d2cac0298cdfb1cc4c64bca6278a1d908115ffc2

    • SHA256

      485e1615d563d6d6abdc7b619a2da7f93a721827820cf3eae444f646d7d84a16

    • SHA512

      81dfb7c55e9cb1093b91935d95a6c04486626e21cb292faf497a8f769ba438a5ed41c4ce197caa260b1a4e14ef6cdc1bd70fd25d5dd4a7c75a46dd7ef0cd724a

    • Score

      1/10

    • Target

      Nightlight-v.1.6/nightlight.exe

    • Size

      33.7MB

    • MD5

      a7769797c72b2fc4e620073505acbd2e

    • SHA1

      6cadf4dc73da9edeaea5c28fe3ce7adf758953f4

    • SHA256

      816a5fd7a87c93dec2527139e8ed60f3fb108a3cff6cf8df9d2ddd13886a7b4a

    • SHA512

      f7ff7d6f184f875fd8e28e01ffc3055c1eec22544255f945e588278f619cdcdd59beeecd9de53144e3819c63f277b5f1b1c2d169b5ab1d29c0bdd3be0bef3992

    • SSDEEP

      786432:4f9AOQN72Q1JbTiumfSfz+EvbJESWqEp+0/pW/UyTov:4VAOQNR1xTivfSffvb6qrSaU4ov

    • Drops startup file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive data.

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Hide Artifacts: Hidden Files and Directories

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      Nightlight-v.1.6/setup.bat

    • Size

      647B

    • MD5

      0f1b9bc2ec9b838a4b470ee1a2e5cfb7

    • SHA1

      cdf553be5a5cd1277e0b92c148adb4bf208d5bea

    • SHA256

      0818d2ab5319ac9a0e30bc62092b872a3b2a233414b11316f3ad6913471482e6

    • SHA512

      4658c9595a763032b335e3a813a488a252e293a00e3a84c60264d1b162b716b6f68ac332cd74e95d8551406a5712a70201691131c838e2ce3cb50ec8dd5f1902

    • Score

      1/10

MITRE ATT&CK Enterprise v15

Tasks