General

  • Target

    NylithBootstrapper.rar

  • Size

    239KB

  • Sample

    241121-nw8lvs1rhx

  • MD5

    a67e15aedb0a73d21e870b97706f87cc

  • SHA1

    51bc2af8d6705ae6f59c9642a99410d2fa442856

  • SHA256

    a537628fc0239ee5e022eb18eb2359c31e5e0a39ecc71b50b0b69003f53914ee

  • SHA512

    997fcf27cc9c2d85f4aa163696876b1162ff23957e290a35950f22bd8a6d6e8291524c828ed6e83d6422d845f1e44a0c67d3cb936b6981d3bfb7054bc661a5a9

  • SSDEEP

    6144:grcWEduyk9P8ZjdfNfOzpPT7t5o2XBCayCRMiO6u2a0/VIoEw/:JIy2P0d1+JLo6TMiOE/mb0

Score
7/10

Targets

    • Target

      NylithBootstrapper.rar

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2
