General

  • Target

    Nightlight-v.1.6.zip

  • Size

    34.0MB

  • Sample

    241110-behynawejd

  • MD5

    3be558bc5eec26670a00303ae63af6dc

  • SHA1

    b06795688d2552516c7c47c9fca8e84ab08db46b

  • SHA256

    325420b49220c37a246835f3696672b280de383baf49a7d790c2bbfeae6a3923

  • SHA512

    3ad04f698f7d426669e992e74fd31525d8c6ede1093637a1d6fec73ef4c0ef7c1b5b2ca96f4f8bd0d4199e09dc515d3d1d7ef2662ca9beb0971bfa83025694d6

  • SSDEEP

    786432:f2juf4wsijiSLfvNqOqJISVq2S91BRrK2eCEijVI6JdgEkGaN4z:fGuf46ZLnNqHJISlS9heCEMiA5kRSz

Targets

    • Target

      Nightlight-v.1.6.zip

    • Size

      34.0MB

    • MD5

      3be558bc5eec26670a00303ae63af6dc

    • SHA1

      b06795688d2552516c7c47c9fca8e84ab08db46b

    • SHA256

      325420b49220c37a246835f3696672b280de383baf49a7d790c2bbfeae6a3923

    • SHA512

      3ad04f698f7d426669e992e74fd31525d8c6ede1093637a1d6fec73ef4c0ef7c1b5b2ca96f4f8bd0d4199e09dc515d3d1d7ef2662ca9beb0971bfa83025694d6

    • SSDEEP

      786432:f2juf4wsijiSLfvNqOqJISVq2S91BRrK2eCEijVI6JdgEkGaN4z:fGuf46ZLnNqHJISlS9heCEMiA5kRSz

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers commonly read stored browser profile data, which can include saved credentials, cookies and autofill entries.

    • Unsecured Credentials: Credentials In Files (ATT&CK T1552.001)

      Reads credentials stored in plaintext in unsecured files.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Hide Artifacts: Hidden Files and Directories (ATT&CK T1564.001)

    • UPX packed file

      Detects executables packed with UPX or a modified build of the open-source UPX packer.

    • Target

      Nightlight-v.1.6/README.md

    • Size

      1KB

    • MD5

      27ec2b643074c461e0057f6e07014bf7

    • SHA1

      a9b9957353233f94cf271663928368a6077619e2

    • SHA256

      26b3dbc3765c2c6edc3a5c419b5a9efc1e93774e05699124e847ef9577386c84

    • SHA512

      a34503dbca652878580c0d9b9b4d9748bbfd15176de8156f4ab76cb4f33b9b88b14935b144c06bc9d533bcfcf1c15baa7ba55d3a3b89c1d55f00d2c4c4c4efe2

    Score
    3/10
    • Target

      Nightlight-v.1.6/decoration/banner.jpg

    • Size

      282KB

    • MD5

      a8988d2b200707a49247c909879f7fe7

    • SHA1

      140927a6b6316d7c948c29d69b52a2bb261a6ff9

    • SHA256

      b445302de4a9116ae166e21dbb886f97c554d20e2d5555d41df62a0a103cf35e

    • SHA512

      1d935ad7462f954d2bf931f28ecd4dff38b33993dbaed161d7a2fbb6ba337a0f83df28b8f3b0c66bcef2627b289a5c816f661b2dd63d1b2dbc7f54f465629aba

    • SSDEEP

      6144:h917+oTjZXZMpjlk4zDhA3rW76DIHi8uvWORVEUneJaBDJQ9i:h/pntQnyS6AitvDRVTmgDJH

    Score
    3/10
    • Target

      Nightlight-v.1.6/decoration/nightlightgui.jpg

    • Size

      308KB

    • MD5

      9d85dd97b949ab7b03315cb5a14c9fe0

    • SHA1

      de58f44a144ca81fdfc2b3a52a3783e33bdc9978

    • SHA256

      cddd21062a963b8e39b287353c875c2bad4b8ce40596f4d2f74cfef3c7b2894d

    • SHA512

      e1e965775f0a2bc43725943dcaed73d4fe7fa37981fed8763d5e563909de8e3c267ad040889c591acab9759dd8bd78130a127f71bd56ed8ed25c904450eb7ac7

    • SSDEEP

      6144:sPsecSxB6kWxhdrmznpIwxbDscyQZbicEY0TXaVMeT:osd6BWWtscyQBi4T

    Score
    3/10
    • Target

      Nightlight-v.1.6/fix.txt

    • Size

      320B

    • MD5

      f03214a99502be53b81a8bf340783093

    • SHA1

      9a5b0dba11c3fc5c07d4a396ce371759e05acf2a

    • SHA256

      ae3648b611e9ad9011069cc83730506e7dffe40c1b1a7d8c0ba4313ff1805f77

    • SHA512

      afda0e33df755c7d3dcfed1701d34110eda415c1ab19a10ce813e34a946c6fc67d75613deb8c6c415bb265a11c894c577e235d28baf20c3210cb30a6f76c5abd

    Score
    1/10
    • Target

      Nightlight-v.1.6/gui_images/clipboard.png

    • Size

      708B

    • MD5

      5928442bf2b7571ff23692278c7d3419

    • SHA1

      38d0d8113d29840b2d744783caabd206af18251e

    • SHA256

      73176dfd2addd67c8eec7750f603dcb607d3f3e76458aeb95c0e07cadd5503a8

    • SHA512

      8c47ae8f0c646851fe6885e12f74e670a99a999dae4fd3316ee2ccb6d891eb1b61099c7d53c2952440bd90bc7863acb37cb606fd77d7ffa4943100d75044dca3

    Score
    3/10
    • Target

      Nightlight-v.1.6/gui_images/help.png

    • Size

      1KB

    • MD5

      7a13e9fb75eb16d860d32808eb64ff36

    • SHA1

      d2325b2fc24980477952722c3b9911a7b1a1f539

    • SHA256

      2ab20b70d5e052223bbb372dd08e43ad5c25d7949c3633af6267d8da4fd1348c

    • SHA512

      c12352b77d50c93f04d580291ee81f45f512c214eccae5a5190cf4d94ce2974384f41c0b2c204345886e4169a24cab014a5fbd5dbebfa400bffc396f95a26b1b

    Score
    3/10
    • Target

      Nightlight-v.1.6/gui_images/home.png

    • Size

      873B

    • MD5

      0f46864fc6bef1e7fa7d23e9c3644d9c

    • SHA1

      bbe1a9c732b0ed43b92e0216a0c1eb984462ad6f

    • SHA256

      d6c09209d3b5aa45c99cbf4a26b16ce0230c3d33974a8cba410ba4bfdfb5d1a1

    • SHA512

      ab99ee73f10396ac149d7382686df42fa31d9f22d7ec4d516ee36c11cbf9b8a04f02a71805f4910390571e28bf13d403df25a372d2450acf456de5ce623e6c1f

    Score
    3/10
    • Target

      Nightlight-v.1.6/modules/modulefix.bat

    • Size

      376B

    • MD5

      0ff16789940e42898ccaf049525be407

    • SHA1

      d2cac0298cdfb1cc4c64bca6278a1d908115ffc2

    • SHA256

      485e1615d563d6d6abdc7b619a2da7f93a721827820cf3eae444f646d7d84a16

    • SHA512

      81dfb7c55e9cb1093b91935d95a6c04486626e21cb292faf497a8f769ba438a5ed41c4ce197caa260b1a4e14ef6cdc1bd70fd25d5dd4a7c75a46dd7ef0cd724a

    Score
    1/10
    • Target

      Nightlight-v.1.6/nightlight.exe

    • Size

      33.7MB

    • MD5

      a7769797c72b2fc4e620073505acbd2e

    • SHA1

      6cadf4dc73da9edeaea5c28fe3ce7adf758953f4

    • SHA256

      816a5fd7a87c93dec2527139e8ed60f3fb108a3cff6cf8df9d2ddd13886a7b4a

    • SHA512

      f7ff7d6f184f875fd8e28e01ffc3055c1eec22544255f945e588278f619cdcdd59beeecd9de53144e3819c63f277b5f1b1c2d169b5ab1d29c0bdd3be0bef3992

    • SSDEEP

      786432:4f9AOQN72Q1JbTiumfSfz+EvbJESWqEp+0/pW/UyTov:4VAOQNR1xTivfSffvb6qrSaU4ov

    • Drops startup file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers commonly read stored browser profile data, which can include saved credentials, cookies and autofill entries.

    • Unsecured Credentials: Credentials In Files (ATT&CK T1552.001)

      Reads credentials stored in plaintext in unsecured files.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Hide Artifacts: Hidden Files and Directories (ATT&CK T1564.001)

    • UPX packed file

      Detects executables packed with UPX or a modified build of the open-source UPX packer.

    • Target

      loader-o.pyc

    • Size

      4.6MB

    • MD5

      b87c750a9fcea1691d6a6e5d98925db8

    • SHA1

      c19bcc87c3302b9f136dbc5fbfc2ef1154646e93

    • SHA256

      dc9236364da776e091a1fae2a51d71c909180724d386b9b3866cd4b921c0e267

    • SHA512

      75bbe0db8eaf11f8bf11f2e6a375e67767891c5e9cf0fdcd414ca0152b125b48173160af17ebb66944ec6c7b32401f302267de992adc813c7948b3abddb9f239

    • SSDEEP

      3072:B4gwoV+6T4hoVoQKrW1FuixTfayVpIJiRYhVOUXsXzYsWUHgxT605AAvFCZjKPH0:7sUt

    Score
    3/10
    • Target

      Nightlight-v.1.6/requirements.txt

    • Size

      179B

    • MD5

      668f8a90d7b9157c46cc2227c450a02e

    • SHA1

      3a018d6f6b4663db89dcb06203feb7700e2bd7cc

    • SHA256

      59bfa1e189f742ef6c422b72ebd2c8191ad303215496370e2eaf51bc8e4f4d65

    • SHA512

      8710df9270a003c7c29b9b172b92ae7cd0505a11b3f233f6dc37887ee3c1f0166512cb283e148e49758bc9c12c204ba6c670a31198a8911795eeb897507b2697

    Score
    1/10
    • Target

      Nightlight-v.1.6/setup.bat

    • Size

      647B

    • MD5

      0f1b9bc2ec9b838a4b470ee1a2e5cfb7

    • SHA1

      cdf553be5a5cd1277e0b92c148adb4bf208d5bea

    • SHA256

      0818d2ab5319ac9a0e30bc62092b872a3b2a233414b11316f3ad6913471482e6

    • SHA512

      4658c9595a763032b335e3a813a488a252e293a00e3a84c60264d1b162b716b6f68ac332cd74e95d8551406a5712a70201691131c838e2ce3cb50ec8dd5f1902

    Score
    1/10
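
As an added worked example (the editor's own code, not part of the sandbox report above and not code from the Nightlight project): a small triage helper that hashes a local file and compares its SHA256 against the values the report lists for the archive, nightlight.exe and loader-o.pyc, and that walks a PE section table to flag the UPX0/UPX1 section names the "UPX packed file" signature keys on. The REPORT_SHA256 entries are copied from the report; the function names and the headers-only PE image built by build_fake_pe are assumptions made for offline testing and are not derived from the sample.

```python
"""Triage helper added as a worked example by the editor; it is not part of the
report above or of the Nightlight project. The SHA256 values are copied from the
report; everything else (function names, the constructed PE bytes) is assumed."""
import hashlib
import struct
import sys
from typing import Dict, List, Optional

DIGESTS = ("md5", "sha1", "sha256", "sha512")  # the four digests the report lists

# SHA256 indicators as listed in the report (archive, main executable, extracted .pyc).
REPORT_SHA256 = {
    "Nightlight-v.1.6.zip":
        "325420b49220c37a246835f3696672b280de383baf49a7d790c2bbfeae6a3923",
    "Nightlight-v.1.6/nightlight.exe":
        "816a5fd7a87c93dec2527139e8ed60f3fb108a3cff6cf8df9d2ddd13886a7b4a",
    "loader-o.pyc":
        "dc9236364da776e091a1fae2a51d71c909180724d386b9b3866cd4b921c0e267",
}


def digest_bytes(data: bytes) -> Dict[str, str]:
    """Return md5/sha1/sha256/sha512 of an in-memory buffer."""
    return {name: hashlib.new(name, data).hexdigest() for name in DIGESTS}


def digest_file(path: str) -> Dict[str, str]:
    """Hash a file in 1 MiB chunks so a 34 MB archive is not read into memory at once."""
    hashes = {name: hashlib.new(name) for name in DIGESTS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for h in hashes.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashes.items()}


def match_report(digests: Dict[str, str]) -> Optional[str]:
    """Name of the report entry whose SHA256 equals the file's, or None."""
    for name, sha in REPORT_SHA256.items():
        if digests["sha256"] == sha:
            return name
    return None


def pe_section_names(pe: bytes) -> List[str]:
    """Walk the PE section table and return the 8-byte section names (NULs stripped)."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    coff = e_lfanew + 4                                   # 20-byte COFF file header
    num_sections = struct.unpack_from("<H", pe, coff + 2)[0]
    opt_size = struct.unpack_from("<H", pe, coff + 16)[0]
    table = coff + 20 + opt_size                          # section table follows the optional header
    names = []
    for i in range(num_sections):
        raw = pe[table + 40 * i: table + 40 * i + 8]      # each section header is 40 bytes
        names.append(raw.rstrip(b"\0").decode("ascii", "replace"))
    return names


def looks_upx_packed(pe: bytes) -> bool:
    """Stock UPX names its sections UPX0/UPX1 (plus UPX2 or .rsrc). A modified UPX
    build may rename them, so False here does not prove the file is unpacked."""
    return any(name.startswith("UPX") for name in pe_section_names(pe))


def build_fake_pe(section_names: List[str]) -> bytes:
    """Constructed, headers-only PE32 image for offline testing; not derived from the sample."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    opt = b"\0" * 0xE0                                    # PE32 optional header size
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, len(opt), 0x102)
    sections = b"".join(n.encode().ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return dos + b"PE\0\0" + coff + opt + sections


if __name__ == "__main__":
    for path in sys.argv[1:]:
        d = digest_file(path)
        print(path, "sha256", d["sha256"], "report entry:", match_report(d))
        with open(path, "rb") as fh:
            head = fh.read(1 << 16)                       # headers of a normal PE fit in 64 KiB
        if head[:2] == b"MZ":
            print("  sections:", pe_section_names(head), "upx:", looks_upx_packed(head))
```

Run it as `python triage_check.py <file>` against a downloaded copy of the archive or of an extracted file: a SHA256 match tells you which report entry you are holding, while the section check is a first indicator only, since a modified UPX build can rename its sections and a file that fails the name test still has to be confirmed with entropy or an unpacker.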

Technique names in the signature lists above follow MITRE ATT&CK Enterprise v15.