General
-
Target
Nexus.zip
-
Size
8.2MB
-
Sample
241121-kymwdszrh1
-
MD5
35b3becadd9be82143576cb79f58d3e0
-
SHA1
3d2f7074399b42acd183400d3f9732b777f1e4f9
-
SHA256
b78d33ff1d9181a618e3403beda0aec5dbdd1fd3a430216e75912c317a84ce03
-
SHA512
03db3fbd8ec22f3782a2d4620b59506f4d977b4c3eb0161d2ec4c3776b8d89a6ecd8969faac9a99d5a7180826bae6fe73d8070faeeaf3c499d585649dd7285b3
-
SSDEEP
196608:8kN7/DyjClL8MEMPSRWhycWpQGkwip8DPcWPJgtiG00BB4JSyyPkY:8E/oClxEi5cpQGfJTcQwPBjqY
Behavioral task
behavioral1
Sample
Nexus/Bootstrapper.exe
Resource
win11-20241007-en
Malware Config
Targets
-
-
Target
Nexus/Bootstrapper.exe
-
Size
8.3MB
-
MD5
4c0a2aaf52a61c79953070adf85c810d
-
SHA1
e30c5f2398b3129789feee60134d79994a77fa75
-
SHA256
304ed8a95905a18665c4017e1216cc4bafeae5461a998c23b8301e6c2c410d8f
-
SHA512
3d078a456f697430e8226cbcc5dd9741b1275e86c978fa8e21e1e070aaddda0865e2e4170e2e13f0d3bad9b9e30ad91ebb8690ee568c3e3a20c3eefb76e97525
-
SSDEEP
196608:cVuYLwfI9jUCzi4H1qSiXLGVi7DMgpZASEyQ0VMwICEc/je:LIHziK1piXLGVE4UrS0VJC
-
Drops file in Drivers directory
-
Clipboard Data
Adversaries may collect data stored in the clipboard from users copying information within or between applications.
-
Loads dropped DLL
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Obfuscated Files or Information: Command Obfuscation
Adversaries may obfuscate content during command execution to impede detection.
-
Enumerates processes with tasklist
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Hide Artifacts
1Hidden Files and Directories
1Obfuscated Files or Information
1Command Obfuscation
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
3Credentials In Files
3