General

  • Target

    Noxic.zip

  • Size

    95.0MB

  • Sample

    241108-3kqz1asdmb

  • MD5

    a6d5a104727e3b65c3aae2115792fb8e

  • SHA1

    7d58c158153ab4177d0fa15f99b19913ea93b5c6

  • SHA256

    ed08d239c46a922bb22cc1c27fdbf6699819e48d911766ec37b31b0423a52f71

  • SHA512

    0bc57085409013bcf4dc1b6198f6ff6c1b879c3767ceafb3e64cba1ed795754c128ac716c4f8dc29c1902c4cf47fef56c7c39229567f0a1bafd5f2a932de675c

  • SSDEEP

    1572864:mLLDdCexR9W9phLIllrymFpvXIw0RPcIwuVsPUZ6OuPpKPXl6KDNSFOAKblpLP98:8DdCQHWHhLSrdIw0R0v2sPUbY41ZEFB1

Malware Config

Targets

    • Target

      Noxic.exe

    • Size

      97.1MB

    • MD5

      3a74f44c697eab7f7d4be6f8f45f2fa3

    • SHA1

      9911e33b3db1ffe049f56ee1d5af12c189a02c3a

    • SHA256

      d317c6c038ca4e934f981c1c37d3d47b891249b10c7ce3e24d6ad3306a9a36dc

    • SHA512

      1e047418c6249363674612892389919971e722e8ac5c29bf365c4d41404aba9c2dbf9c76bb7c486da95f09883550d7d7fa24e631a9c91a9d02752e2133fb708a

    • SSDEEP

      3145728:Ch2VRVK8iQnLWFQM3K7f7+O5cjdsJIHxabE1:Ch2vVBf6R3Wf7+6ikS3

    • Downloads MZ/PE file

    • A potential corporate email address has been identified in the URL: [email protected]

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.
