f5130b7f56e9585fec62e97af6e46eabfdb74cb465d999663b88066bb8f1f060

Sharing

Copy URL

Twitter E-mail

General

Target

Nexam (1) (1).zip
Size

43.3MB
Sample

241209-312fnswmd1
MD5

1c97c2b0f032a52c9a1be9d3a5e8e57c
SHA1

61ab528976305b4f74b6940c550ae58f04fc29f5
SHA256

f5130b7f56e9585fec62e97af6e46eabfdb74cb465d999663b88066bb8f1f060
SHA512

54e0c740707eebc211111eeeff4b80cfc45e058c86bb920ef81f105487438cf0e67deccacd6189e71da2f945c588c7a0df64798db360db87411b926c8de2a563
SSDEEP

786432:dKcsb6jhYwJSWpMtXoJ/xfj2S4c2pPQtQ5xn8YrYNj:dWGjLSWcofYc2pIt6P0j

Score

7^/10

discovery

Malware Config

Targets

- Target
  
  Debug/Microsoft.Bcl.AsyncInterfaces.xml
- Size
  
  30KB
- MD5
  
  f2f0dff684b90ee0d5588f541617d8e9
- SHA1
  
  507be00960cd145c6f46c60ca8088e2e0b69701f
- SHA256
  
  2bca72654bac72cd4a20905452584f1f07e2bbfc5ab84e46f5855b621a06ccc4
- SHA512
  
  2fc09e130326a40aa63268f07dbef01f6f73df881ae18f7cf14cad6af0960ef6f86926d2d3a851cd00f02c0ed08481ed75672aefc2bee943c4ef5f8676797fc1
- SSDEEP
  
  384:XgOpngSae6jWuTPP/xM2fB8qnmltJ5XZzRzgqW81Fu3DRmfCh7sE+siDBQsFJIs+:0FQJNTG7TIcXn
Score

3^/10

discovery
behavioral1 behavioral2
- Target
  
  Debug/Monaco/.git/info/exclude
- Size
  
  240B
- MD5
  
  036208b4a1ab4a235d75c181e685e5a3
- SHA1
  
  c879df015d97615050afa7b9641e3352a1e701ac
- SHA256
  
  6671fe83b7a07c8932ee89164d1f2793b2318058eb8b98dc5c06ee0a5a3b0ec1
- SHA512
  
  9828c6ecdf91bf117416e17f4ee9caee2e1e37b6fb00b9ff04035ace17a3089b9d0a25c6baa1046c0e1c62d3da88838e8fca74ea82973d6b975905fde58f3072
Score

1^/10
behavioral3 behavioral4
- Target
  
  Debug/Monaco/Fonts/JetBrainsMono-Regular.ttf
- Size
  
  167KB
- MD5
  
  0189ed701950c39aca7664f1e9c3781f
- SHA1
  
  b0b6367aba2b3b1af5bada719d1c60fb3f948153
- SHA256
  
  1f376439c75ab33392eb7a2f5ec999809493b378728d723327655c9fcb45cea9
- SHA512
  
  6b1ec7ca142cfd4e4c10f4d111418a1e5f02caa51375a1e7f910ec4d4c597bf8ae4d7592954c46ab3cb638028ee7f78ed4503c873c20241d39e116749cd6bd3f
- SSDEEP
  
  3072:6P9e1jwajdz5///geSPx0tCxS0SHWaTYJDKcHjHORg:6P9e1Eajdz5/XMyCxS0SvCHjHZ
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral5 behavioral6
- Target
  
  Debug/Monaco/Fonts/JetBrainsMono-Regular.woff2
- Size
  
  56KB
- MD5
  
  8b0d4df1e1345ca043a37fff49f47ed6
- SHA1
  
  0927db10012a27d2504240a93cf79077097da4dd
- SHA256
  
  d43399032a7a3c539287a31645ded08075a3ca72de0921b62a51f65c3ca7a002
- SHA512
  
  49d39d5196245c531f5dff304efd0367d1b95c805c3ee89f201105345a5d8a64e84bafa80a860ed918a0ec343da98c07f412a4ca3935b8088d982275681731e1
- SSDEEP
  
  1536:EUxT91+sbKKeF5cSY8m3A3Ui9BRjg9/EtePGSsBd:f91+sbKKccrT3A5uMteHU
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  Debug/Monaco/vs/base/browser/ui/codicons/codicon/codicon.ttf
- Size
  
  69KB
- MD5
  
  a1cef3d530e1adb0f52b2f62994a2aca
- SHA1
  
  074579894ad91265941fbce44d2b41c863797cf6
- SHA256
  
  4946e7465803ccab735800d9236f188c2200d28b395e77727e9aa0baa443b87a
- SHA512
  
  423656417849bddd0f7bf01138d9de54b334fc0ca64f28c5d679f66e38f5bc3c601a0faa166734cde4c2ec1e56983c36ceabdb3265c414fc40a7ee3798ede52d
- SSDEEP
  
  1536:ex5Ez/D8G5dlHwkP/7BzekxVL7/b/SS0/hczE00phJgZExGk:ex5Ez/D84HwKxemVHbKSm+zEXHJMrk
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral10 behavioral9
- Target
  
  Debug/Nexam.exe.WebView2/EBWebView/component_crx_cache/fppmbhmldokgmleojlplaaodlkibgikh_1.A81D1959892AE4180554347DF1B97834ABBA2E1A5E6B9AEBA000ECEA26EABECC
- Size
  
  952KB
- MD5
  
  1a9c030cf025d340ff394cd9e5b664f3
- SHA1
  
  c1e8490662903d90de97760cb3102426f2784bd9
- SHA256
  
  a81d1959892ae4180554347df1b97834abba2e1a5e6b9aeba000ecea26eabecc
- SHA512
  
  7a9584c96849b1c8c623119bea4255a628e0f36d3a5f670e9c6a20f84d250fee859751a521322864b1577d7ca3ecdd7ee805c0f35bd7d74ddf43afc9f2abf8cb
- SSDEEP
  
  24576:LwrAaUx3buUhBVQYflCitQKjQKR6kizJqpAGQ7xj8pUvQCg2:LCAH3ZsYflCiuKjgkc7B8mvQC9
Score

1^/10
behavioral11 behavioral12
- Target
  
  Debug/Nexam.exe.WebView2/EBWebView/component_crx_cache/kpfehajjjbbcifeehjgfgnabifknmdad_1.00AF3F07B5ABB71F6D30337E1EEF62FA280F06EF19485C0CF6B72171F92CCC0A
- Size
  
  1.0MB
- MD5
  
  14ef2d35ee97e8be10d6046b2e1942de
- SHA1
  
  8ad139e47d4d58df369e40c025923be0d82a5f9b
- SHA256
  
  00af3f07b5abb71f6d30337e1eef62fa280f06ef19485c0cf6b72171f92ccc0a
- SHA512
  
  f6e646031caa27f972b222a94aee3b2b610db686009e1dee6fbf0c4ac7ba6edb632eafd9ed81e15bb011e2c31ed4dda82b16dac560ed68596159ec29064ecda3
- SSDEEP
  
  24576:OgtkaswlAtUVNexKSU7EmXzDRx2I1woiB/ArwoiBM8u:OgtkaFlMHQQ2zDRQII///u
Score

1^/10
behavioral13 behavioral14
- Target
  
  Debug/Nexam.exe.WebView2/EBWebView/component_crx_cache/ndikpojcjlepofdkaaldkinkjbeeebkl_1.69D0D51AD8D1AABAAE811B5BC6F72729BEEBE8AB40C8E6080C8255453F913377
- Size
  
  1.6MB
- MD5
  
  4e1b8110c0051df94a611086b3afce68
- SHA1
  
  76d1fda433efdfde03006189e9727c270e4a6936
- SHA256
  
  69d0d51ad8d1aabaae811b5bc6f72729beebe8ab40c8e6080c8255453f913377
- SHA512
  
  67112ab375f836e12af54062540d60737683e331d07fecb2f4e830ee005ac093169dccd1bf12f60e5ad5c52cca869950ae5f0ba5b01c007c47599329e0bd6842
- SSDEEP
  
  49152:iGB5EH8IGiLHJo65GLK3LJYI+Sk6hHePu3:t5s8bko6IW3LJYI+R6cPY
Score

1^/10
behavioral15 behavioral16
- Target
  
  Debug/Nexam.exe.WebView2/EBWebView/component_crx_cache/oankkpibpaokgecfckkdkgaoafllipag_1.1AB07E887ACCA305058EEAB9053C96DC531C2C5C067AB4F30AFA2B31F1EDD966
- Size
  
  22KB
- MD5
  
  025fe5bcab10e941f276145d9d00ec80
- SHA1
  
  ac4c2c93fe10274716ec5603452269a8b5b31f71
- SHA256
  
  1ab07e887acca305058eeab9053c96dc531c2c5c067ab4f30afa2b31f1edd966
- SHA512
  
  3785cfae9f9ad3ecbc40bfbf822cc371965723610af8c6965b8b0a1e3b4728e744a51678178b414329d4b46afa5d3557b44a8723a1d89b7499b09e8f28c8c535
- SSDEEP
  
  384:puLGn1KIHXgrjzeReRlhv5bzX1sf8ANFlBZlVgQUP49fmA4tVyk4exlfiMRoLndl:puLqgrr/hv514lZmJUei/nb
Score

1^/10
behavioral17 behavioral18
- Target
  
  Debug/Nexam.exe.WebView2/EBWebView/component_crx_cache/ohckeflnhegojcjlcpbfpciadgikcohk_1.95FD9D48E4FC245A3F3A99A3A16ECD1355050BA3F4AFC555F19A97C7F9B49677
- Size
  
  1KB
- MD5
  
  89fb6ce8c3a916d3d5a46bb06d99b190
- SHA1
  
  38a1828a642f128fcc644190dff9ba10a869db8f
- SHA256
  
  95fd9d48e4fc245a3f3a99a3a16ecd1355050ba3f4afc555f19a97c7f9b49677
- SHA512
  
  e5f2c9a4f07d5d683687da44711af5b102b478cb76d547b74672656a5283b9c8b4564ca8472255a803e22bf3bb00ff2b66b4bb0f2e8da1909d4082cb7ceeca9d
Score

1^/10
behavioral19 behavioral20
- Target
  
  Debug/Nexam.exe.WebView2/EBWebView/hyphen-data/120.0.6050.0/_metadata/verified_contents.json
- Size
  
  7KB
- MD5
  
  117d173e82b282deca740475e35c8ecd
- SHA1
  
  912b12b993507ebd9af6bdc937559b4d4b58a0d8
- SHA256
  
  65491b21947d60c87c6358dcf69df9aca2b99e8f3b611bd3d559699bbc25000b
- SHA512
  
  e455c0bb68e9056c6242058fcba954bc1d5ea4a864e99be008b2745c51209b477bd7bdba57006be4a02a09bda49c0cdc17e8f870c81c7771864640950f5f9a93
- SSDEEP
  
  96:RhZIpt7VgtFD3F8CMXuuzaRFJrb7ghNglFjPu3ljl7arVSQi6E/swokYglZ:Ryt7VgtFD3FaeTrgCtP0dyCDsoYgn
Score

3^/10

discovery
behavioral21 behavioral22
- Target
  
  Debug/Nexam.exe.WebView2/EBWebView/hyphen-data/120.0.6050.0/hyph-af.hyb
- Size
  
  70KB
- MD5
  
  ffa9db945f0f0c15b8bba75a6e064880
- SHA1
  
  49217a9d5bb7a868464403b4e3c82e80df53456c
- SHA256
  
  5487ee44a4cd706d0086522e90c59c76cdf2ac68ce506fd3eae6054b9220c0cf
- SHA512
  
  cc67b2dfbbb009dd3fdb999fe86410425455613c12dac755a3cded435cd25ca4363782d70f3b7bb7c0fdd63e2eb649ae6a4053d929f463b646b43d7dbfda79c0
- SSDEEP
  
  1536:dH4Yzf/r1T2bhKC+wQ/MJ4tpBMfWDMxFaye3yrGZ3vGV9YODhX3yKfhGt:dxLr1qFKpNpufWIqye3KgGVnDxe
Score

3^/10

discovery
behavioral23 behavioral24
- Target
  
  Debug/Nexam.exe.WebView2/EBWebView/hyphen-data/120.0.6050.0/hyph-as.hyb
- Size
  
  703B
- MD5
  
  8961fdd3db036dd43002659a4e4a7365
- SHA1
  
  7b2fa321d50d5417e6c8d48145e86d15b7ff8321
- SHA256
  
  c2784e33158a807135850f7125a7eaabe472b3cfc7afb82c74f02da69ea250fe
- SHA512
  
  531ecec11d296a1ab3faeb2c7ac619da9d80c1054a2ccee8a5a0cd996346fea2a2fee159ac5a8d79b46a764a2aa8e542d6a79d86b3d7dda461e41b19c9bebe92
Score

3^/10

discovery
behavioral25 behavioral26
- Target
  
  Debug/Nexam.exe.WebView2/EBWebView/hyphen-data/120.0.6050.0/hyph-be.hyb
- Size
  
  5KB
- MD5
  
  087de134f3b23a9944afd711a9667a0b
- SHA1
  
  1b67d0a65ef91295207d66e62b682803aa74ef00
- SHA256
  
  25b7cfa039f82ac92990e1789de40988d490db9b613852fb24036b38ff87893c
- SHA512
  
  42c0b51e0e28109a7058d3fc03fa7bef8b25c9b3c8bb74933574fad06c061fd1636b53eeeacf652e438d4df08002db449681be9e6e6821ec23d32a8be1778998
- SSDEEP
  
  96:mmfvnESaDPq1iYM7N8gyurprJr/P5FwBlh/RT95vtEUnbpwROaQPP/KV2L+HCdYV:XfYPq1iYyNk5p50OwQPP/KV2L+HCinCO
Score

3^/10

discovery
behavioral27 behavioral28
- Target
  
  Debug/Nexam.exe.WebView2/EBWebView/hyphen-data/120.0.6050.0/hyph-bg.hyb
- Size
  
  3KB
- MD5
  
  e8a4f8f5238f9a0ff6968ad8dba2755f
- SHA1
  
  abf002ff28b3aa2a59948225e5e600096348caa7
- SHA256
  
  7593f0395081e3eeb2d8516d10746608afd826cffd4e7e37d53936993d200a13
- SHA512
  
  b54811e1be6e63bf19e408ac4ae9da86e1473e4e8f1e9d517d907e025be20fa6979517339ec6defd0ec30613ed42a97d88111d39297214afa7606597cba5ea86
Score

3^/10

discovery
behavioral29 behavioral30
- Target
  
  Debug/Nexam.exe.WebView2/EBWebView/hyphen-data/120.0.6050.0/hyph-bn.hyb
- Size
  
  703B
- MD5
  
  8961fdd3db036dd43002659a4e4a7365
- SHA1
  
  7b2fa321d50d5417e6c8d48145e86d15b7ff8321
- SHA256
  
  c2784e33158a807135850f7125a7eaabe472b3cfc7afb82c74f02da69ea250fe
- SHA512
  
  531ecec11d296a1ab3faeb2c7ac619da9d80c1054a2ccee8a5a0cd996346fea2a2fee159ac5a8d79b46a764a2aa8e542d6a79d86b3d7dda461e41b19c9bebe92
Score

3^/10

discovery
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Checks computer location settings

Checks computer location settings

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32