Overview
overview, score 7
Static
static, score 1
Nightlight-v.1.6.zip, windows10-2004-x64, score 7
Nightlight...DME.md, windows10-2004-x64, score 3
Nightlight...er.jpg, windows10-2004-x64, score 3
Nightlight...ui.jpg, windows10-2004-x64, score 3
Nightlight...ix.txt, windows10-2004-x64, score 1
Nightlight...rd.png, windows10-2004-x64, score 3
Nightlight...lp.png, windows10-2004-x64, score 3
Nightlight...me.png, windows10-2004-x64, score 3
Nightlight...ix.bat, windows10-2004-x64, score 1
Nightlight...ht.exe, windows10-2004-x64, score 7
loader-o.pyc, windows10-2004-x64, score 3
Nightlight...ts.txt, windows10-2004-x64, score 1
Nightlight...up.bat, windows10-2004-x64, score 1
General
-
Target
Nightlight-v.1.6.zip
-
Size
34.0MB
-
Sample
241110-behynawejd
-
MD5
3be558bc5eec26670a00303ae63af6dc
-
SHA1
b06795688d2552516c7c47c9fca8e84ab08db46b
-
SHA256
325420b49220c37a246835f3696672b280de383baf49a7d790c2bbfeae6a3923
-
SHA512
3ad04f698f7d426669e992e74fd31525d8c6ede1093637a1d6fec73ef4c0ef7c1b5b2ca96f4f8bd0d4199e09dc515d3d1d7ef2662ca9beb0971bfa83025694d6
-
SSDEEP
786432:f2juf4wsijiSLfvNqOqJISVq2S91BRrK2eCEijVI6JdgEkGaN4z:fGuf46ZLnNqHJISlS9heCEMiA5kRSz
Static task
static1
Behavioral task
behavioral1
Sample
Nightlight-v.1.6.zip
Resource
win10v2004-20241007-en
Behavioral task
behavioral2
Sample
Nightlight-v.1.6/README.md
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
Nightlight-v.1.6/decoration/banner.jpg
Resource
win10v2004-20241007-en
Behavioral task
behavioral4
Sample
Nightlight-v.1.6/decoration/nightlightgui.jpg
Resource
win10v2004-20241007-en
Behavioral task
behavioral5
Sample
Nightlight-v.1.6/fix.txt
Resource
win10v2004-20241007-en
Behavioral task
behavioral6
Sample
Nightlight-v.1.6/gui_images/clipboard.png
Resource
win10v2004-20241007-en
Behavioral task
behavioral7
Sample
Nightlight-v.1.6/gui_images/help.png
Resource
win10v2004-20241007-en
Behavioral task
behavioral8
Sample
Nightlight-v.1.6/gui_images/home.png
Resource
win10v2004-20241007-en
Behavioral task
behavioral9
Sample
Nightlight-v.1.6/modules/modulefix.bat
Resource
win10v2004-20241007-en
Behavioral task
behavioral10
Sample
Nightlight-v.1.6/nightlight.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral11
Sample
loader-o.pyc
Resource
win10v2004-20241007-en
Behavioral task
behavioral12
Sample
Nightlight-v.1.6/requirements.txt
Resource
win10v2004-20241007-en
Behavioral task
behavioral13
Sample
Nightlight-v.1.6/setup.bat
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
Nightlight-v.1.6.zip
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Hide Artifacts: Hidden Files and Directories
-
-
-
Target
Nightlight-v.1.6/README.md
-
Size
1KB
-
MD5
27ec2b643074c461e0057f6e07014bf7
-
SHA1
a9b9957353233f94cf271663928368a6077619e2
-
SHA256
26b3dbc3765c2c6edc3a5c419b5a9efc1e93774e05699124e847ef9577386c84
-
SHA512
a34503dbca652878580c0d9b9b4d9748bbfd15176de8156f4ab76cb4f33b9b88b14935b144c06bc9d533bcfcf1c15baa7ba55d3a3b89c1d55f00d2c4c4c4efe2
Score
3/10
-
-
-
Target
Nightlight-v.1.6/decoration/banner.jpg
-
Size
282KB
-
MD5
a8988d2b200707a49247c909879f7fe7
-
SHA1
140927a6b6316d7c948c29d69b52a2bb261a6ff9
-
SHA256
b445302de4a9116ae166e21dbb886f97c554d20e2d5555d41df62a0a103cf35e
-
SHA512
1d935ad7462f954d2bf931f28ecd4dff38b33993dbaed161d7a2fbb6ba337a0f83df28b8f3b0c66bcef2627b289a5c816f661b2dd63d1b2dbc7f54f465629aba
-
SSDEEP
6144:h917+oTjZXZMpjlk4zDhA3rW76DIHi8uvWORVEUneJaBDJQ9i:h/pntQnyS6AitvDRVTmgDJH
Score
3/10
-
-
-
Target
Nightlight-v.1.6/decoration/nightlightgui.jpg
-
Size
308KB
-
MD5
9d85dd97b949ab7b03315cb5a14c9fe0
-
SHA1
de58f44a144ca81fdfc2b3a52a3783e33bdc9978
-
SHA256
cddd21062a963b8e39b287353c875c2bad4b8ce40596f4d2f74cfef3c7b2894d
-
SHA512
e1e965775f0a2bc43725943dcaed73d4fe7fa37981fed8763d5e563909de8e3c267ad040889c591acab9759dd8bd78130a127f71bd56ed8ed25c904450eb7ac7
-
SSDEEP
6144:sPsecSxB6kWxhdrmznpIwxbDscyQZbicEY0TXaVMeT:osd6BWWtscyQBi4T
Score
3/10
-
-
-
Target
Nightlight-v.1.6/fix.txt
-
Size
320B
-
MD5
f03214a99502be53b81a8bf340783093
-
SHA1
9a5b0dba11c3fc5c07d4a396ce371759e05acf2a
-
SHA256
ae3648b611e9ad9011069cc83730506e7dffe40c1b1a7d8c0ba4313ff1805f77
-
SHA512
afda0e33df755c7d3dcfed1701d34110eda415c1ab19a10ce813e34a946c6fc67d75613deb8c6c415bb265a11c894c577e235d28baf20c3210cb30a6f76c5abd
Score
1/10
-
-
-
Target
Nightlight-v.1.6/gui_images/clipboard.png
-
Size
708B
-
MD5
5928442bf2b7571ff23692278c7d3419
-
SHA1
38d0d8113d29840b2d744783caabd206af18251e
-
SHA256
73176dfd2addd67c8eec7750f603dcb607d3f3e76458aeb95c0e07cadd5503a8
-
SHA512
8c47ae8f0c646851fe6885e12f74e670a99a999dae4fd3316ee2ccb6d891eb1b61099c7d53c2952440bd90bc7863acb37cb606fd77d7ffa4943100d75044dca3
Score
3/10
-
-
-
Target
Nightlight-v.1.6/gui_images/help.png
-
Size
1KB
-
MD5
7a13e9fb75eb16d860d32808eb64ff36
-
SHA1
d2325b2fc24980477952722c3b9911a7b1a1f539
-
SHA256
2ab20b70d5e052223bbb372dd08e43ad5c25d7949c3633af6267d8da4fd1348c
-
SHA512
c12352b77d50c93f04d580291ee81f45f512c214eccae5a5190cf4d94ce2974384f41c0b2c204345886e4169a24cab014a5fbd5dbebfa400bffc396f95a26b1b
Score
3/10
-
-
-
Target
Nightlight-v.1.6/gui_images/home.png
-
Size
873B
-
MD5
0f46864fc6bef1e7fa7d23e9c3644d9c
-
SHA1
bbe1a9c732b0ed43b92e0216a0c1eb984462ad6f
-
SHA256
d6c09209d3b5aa45c99cbf4a26b16ce0230c3d33974a8cba410ba4bfdfb5d1a1
-
SHA512
ab99ee73f10396ac149d7382686df42fa31d9f22d7ec4d516ee36c11cbf9b8a04f02a71805f4910390571e28bf13d403df25a372d2450acf456de5ce623e6c1f
Score
3/10
-
-
-
Target
Nightlight-v.1.6/modules/modulefix.bat
-
Size
376B
-
MD5
0ff16789940e42898ccaf049525be407
-
SHA1
d2cac0298cdfb1cc4c64bca6278a1d908115ffc2
-
SHA256
485e1615d563d6d6abdc7b619a2da7f93a721827820cf3eae444f646d7d84a16
-
SHA512
81dfb7c55e9cb1093b91935d95a6c04486626e21cb292faf497a8f769ba438a5ed41c4ce197caa260b1a4e14ef6cdc1bd70fd25d5dd4a7c75a46dd7ef0cd724a
Score
1/10
-
-
-
Target
Nightlight-v.1.6/nightlight.exe
-
Size
33.7MB
-
MD5
a7769797c72b2fc4e620073505acbd2e
-
SHA1
6cadf4dc73da9edeaea5c28fe3ce7adf758953f4
-
SHA256
816a5fd7a87c93dec2527139e8ed60f3fb108a3cff6cf8df9d2ddd13886a7b4a
-
SHA512
f7ff7d6f184f875fd8e28e01ffc3055c1eec22544255f945e588278f619cdcdd59beeecd9de53144e3819c63f277b5f1b1c2d169b5ab1d29c0bdd3be0bef3992
-
SSDEEP
786432:4f9AOQN72Q1JbTiumfSfz+EvbJESWqEp+0/pW/UyTov:4VAOQNR1xTivfSffvb6qrSaU4ov
-
Drops startup file
-
Loads dropped DLL
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Hide Artifacts: Hidden Files and Directories
-
-
-
Target
loader-o.pyc
-
Size
4.6MB
-
MD5
b87c750a9fcea1691d6a6e5d98925db8
-
SHA1
c19bcc87c3302b9f136dbc5fbfc2ef1154646e93
-
SHA256
dc9236364da776e091a1fae2a51d71c909180724d386b9b3866cd4b921c0e267
-
SHA512
75bbe0db8eaf11f8bf11f2e6a375e67767891c5e9cf0fdcd414ca0152b125b48173160af17ebb66944ec6c7b32401f302267de992adc813c7948b3abddb9f239
-
SSDEEP
3072:B4gwoV+6T4hoVoQKrW1FuixTfayVpIJiRYhVOUXsXzYsWUHgxT605AAvFCZjKPH0:7sUt
Score
3/10
-
-
-
Target
Nightlight-v.1.6/requirements.txt
-
Size
179B
-
MD5
668f8a90d7b9157c46cc2227c450a02e
-
SHA1
3a018d6f6b4663db89dcb06203feb7700e2bd7cc
-
SHA256
59bfa1e189f742ef6c422b72ebd2c8191ad303215496370e2eaf51bc8e4f4d65
-
SHA512
8710df9270a003c7c29b9b172b92ae7cd0505a11b3f233f6dc37887ee3c1f0166512cb283e148e49758bc9c12c204ba6c670a31198a8911795eeb897507b2697
Score
1/10
-
-
-
Target
Nightlight-v.1.6/setup.bat
-
Size
647B
-
MD5
0f1b9bc2ec9b838a4b470ee1a2e5cfb7
-
SHA1
cdf553be5a5cd1277e0b92c148adb4bf208d5bea
-
SHA256
0818d2ab5319ac9a0e30bc62092b872a3b2a233414b11316f3ad6913471482e6
-
SHA512
4658c9595a763032b335e3a813a488a252e293a00e3a84c60264d1b162b716b6f68ac332cd74e95d8551406a5712a70201691131c838e2ce3cb50ec8dd5f1902
Score
1/10
-
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores (1)
Credentials from Web Browsers (1)
Unsecured Credentials (3)
Credentials In Files (3)