General

  • Target

    neverlose.exe

  • Size

    107.5MB

  • Sample

    241201-nf5v2aznfx

  • MD5

    8c748a07001e91897cd79e4dac21e356

  • SHA1

    7dfd0c37cb13cc0f2fd53e54bceb89cb6722ec70

  • SHA256

    d9f3a458cfc38193372964676f1c041ae51b9fd4fc45f52444ac8b3f80290920

  • SHA512

    e53513afa6676bcb1811af27875fac8756deaa5a20b61ebf419426f06c92fcc2d2687ba91e3e8099ce49e9dbadca37c560cb8e93162e940155884462beac64fe

  • SSDEEP

    3145728:6UHeCRRS6xjKcBa6/2qHO5iFpBnG0iWMstB2OxQsyvGL:RHJjSWNa6NHCibhieBu

Malware Config

Targets

    • Target

      neverlose.exe

    • Enumerates VirtualBox DLL files

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    • Sets file to hidden

      Modifies file attributes to stop it showing in Explorer etc.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks