Resubmissions

16-11-2024 14:20

241116-rnk3daxkez 10

16-11-2024 14:18

241116-rmjg6axkds 10

General

  • Target

    NovaFix.exe

  • Size

    15.8MB

  • Sample

    241116-rnk3daxkez

  • MD5

    17660ffd18fea1aef4b0211aa64eadaf

  • SHA1

    c490b67db3ca9b660bdd75e9289a6320c8468356

  • SHA256

    848db7fd2e97fc55b86ea5b52db37680f1f7f80e0940483002d7e903266180d7

  • SHA512

    bda84e8618df836bc287cd676eb8894ea76ada0df120f7f3697bf8eb6089d74e19c3141b57d32811c8edbee610b9347e40c0c1e78072bbfe2d70b71e5652857f

  • SSDEEP

    393216:uiIE7Yo9+4uOwKntpUTLfhJsW+eGQRe9jo7BGcG/3JrO0WCWLu:v7r9+RONHUTLJSW+e5Re9M0VWLu

Malware Config

Targets

    • Drops startup file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Enumerates processes with tasklist

MITRE ATT&CK Enterprise v15

Tasks