6dba900ba4e73e88cf3d3a062f71735f30e615436d01aa96d18545e97d31a5a4 | Triage

Sharing

General

Target

Nezur_Executor.zip
Size

22.5MB
Sample

241221-r267rs1ndt
MD5

4d37f25041bdde67a14e56c81df22d2d
SHA1

889cdd97c8e162e7b252f9a697c6458076b49483
SHA256

6dba900ba4e73e88cf3d3a062f71735f30e615436d01aa96d18545e97d31a5a4
SHA512

e8b8d2954158f0f263a46dfb018fd1cf13d9f6c3ef9de2add1dd2cd23be8b42dd50fff15fd89230c81df7a73ad8e16aeca8014db302f22505b3187b866d0ce05
SSDEEP

393216:CUvQPnPTpXYGgYlaUucsYWCa+uiGgphlV+ybX9ltoIY1VzH7X9wmRJ4rSm9Hhy/m:HvQvdXnO1sFXPKPqja/fltD3IFj

Score

7^/10

discovery themida

Malware Config

Targets

- Target
  
  Nezur_Executor.zip
- Size
  
  22.5MB
- MD5
  
  4d37f25041bdde67a14e56c81df22d2d
- SHA1
  
  889cdd97c8e162e7b252f9a697c6458076b49483
- SHA256
  
  6dba900ba4e73e88cf3d3a062f71735f30e615436d01aa96d18545e97d31a5a4
- SHA512
  
  e8b8d2954158f0f263a46dfb018fd1cf13d9f6c3ef9de2add1dd2cd23be8b42dd50fff15fd89230c81df7a73ad8e16aeca8014db302f22505b3187b866d0ce05
- SSDEEP
  
  393216:CUvQPnPTpXYGgYlaUucsYWCa+uiGgphlV+ybX9ltoIY1VzH7X9wmRJ4rSm9Hhy/m:HvQvdXnO1sFXPKPqja/fltD3IFj
Score

1^/10
behavioral1 behavioral2
- Target
  
  Microsoft.Web.WebView2.Core.xml
- Size
  
  611KB
- MD5
  
  6c5c5290bdd2d4072d64a3f8aac6d02e
- SHA1
  
  a610567951bf885e11ee5dabfd87dd1d37e4f50d
- SHA256
  
  1cf4f0c0994cdb65fac609dd19755541ae109d917695dfca9c4acae08ebb850e
- SHA512
  
  a77ad02fe706227712c231e7ccae084f8d74bfa490c8879117109746c3cb3bf77feb818e0de03880e03b46d22ad1b8cadd9f14fe2e69b34bc2770632a2311a48
- SSDEEP
  
  12288:rV/cM0fctDZuwKxzdpeqKgan2xqfcan2NPPVeLoBWkO4am+7RufDufBSCspK2sSl:4pBYvfVO
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  Microsoft.Web.WebView2.WinForms.xml
- Size
  
  40KB
- MD5
  
  c09409aac254f17c1c648e6f0464b035
- SHA1
  
  22acb08e12e6ccbc4005c393e78d78be4f64b28e
- SHA256
  
  4b40e49aec5dbda597224f997d57a16645ddc2eb00f31a6329204d1853a2245a
- SHA512
  
  53c46df0f24cafcd81ddedd195bae8dbedef7dd1387691a3ebf856b4dd239c3859fb58a1eaa9a31baa1fbb6e1986270ce567f3e70d110d1d88817f27c8a0dd5a
- SSDEEP
  
  768:3OsdyK4aSPgPxW3uyCG4yCGdryCG/L+GZiyCGRL+P1xb9zU4QPgcRJFXCfPgKehG:3OsdyTaSPg5W3uyf4yfdryf/LzZiyfRI
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  Microsoft.Web.WebView2.Wpf.xml
- Size
  
  139KB
- MD5
  
  97ea2301be18aefade073d39302154d0
- SHA1
  
  30f83ae731adcc4e79598c2c21644cf02b909928
- SHA256
  
  e088d2b21902cb8479f782f327925f9e3281b7ee8406966735dd932e5a58e3a9
- SHA512
  
  92a6ce81f5b3f4c7779bb9589d7b6548bbfde0e2ad59d1f31d190c9c75ef95e1dc31a9c763eb11fa62803d997b6af79f4f6e56dd31e3bdff8d0ba4f84c570e5e
- SSDEEP
  
  3072:xOsSyTa4PgfmLC4uyD/D4yDC4dryDJtLryDnLfryDYO/LPm8RLP9R3Ly1vb9QUX7:xOsSyTa4PgfmLC4uyD/D4yDC4dryDJtY
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  Nezur_Interface.deps.json
- Size
  
  3KB
- MD5
  
  34c45d78bdd90b1b2bd1d05d715c2849
- SHA1
  
  d84c1a72c1308ded0885659cc99a4d62a868d3af
- SHA256
  
  ee0cf1308dd91eba2003d31e886b88258f9f9943f9a778ae81b358dd9fded546
- SHA512
  
  f6bd271a8e7d240cdb6b4d1e118e81257b0a656285db66ea2c065c86a0c2615559dc753c1bf21e8423f2664d7d960aef4d19771456187e4688c922d654b67a5b
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  Nezur_Interface.exe.WebView2/EBWebView/AutoLaunchProtocolsComponent/1.0.0.8/manifest.fingerprint
- Size
  
  66B
- MD5
  
  0c9218609241dbaa26eba66d5aaf08ab
- SHA1
  
  31f1437c07241e5f075268212c11a566ceb514ec
- SHA256
  
  52493422ac4c18918dc91ef5c4d0e50c130ea3aa99915fa542b890a79ea94f2b
- SHA512
  
  5d25a1fb8d9e902647673975f13d7ca11e1f00f3c19449973d6b466d333198768e777b8cae5becef5c66c9a0c0ef320a65116b5070c66e3b9844461bb0ffa47f
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  Nezur_Interface.exe.WebView2/EBWebView/AutoLaunchProtocolsComponent/1.0.0.8/manifest.json
- Size
  
  134B
- MD5
  
  58d3ca1189df439d0538a75912496bcf
- SHA1
  
  99af5b6a006a6929cc08744d1b54e3623fec2f36
- SHA256
  
  a946db31a6a985bdb64ea9f403294b479571ca3c22215742bdc26ea1cf123437
- SHA512
  
  afd7f140e89472d4827156ec1c48da488b0d06daaa737351c7bec6bc12edfc4443460c4ac169287350934ca66fb2f883347ed8084c62caf9f883a736243194a2
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  Nezur_Interface.exe.WebView2/EBWebView/AutoLaunchProtocolsComponent/1.0.0.8/protocols.json
- Size
  
  3KB
- MD5
  
  6bbb18bb210b0af189f5d76a65f7ad80
- SHA1
  
  87b804075e78af64293611a637504273fadfe718
- SHA256
  
  01594d510a1bbc016897ec89402553eca423dfdc8b82bafbc5653bf0c976f57c
- SHA512
  
  4788edcfa3911c3bb2be8fc447166c330e8ac389f74e8c44e13238ead2fa45c8538aee325bd0d1cc40d91ad47dea1aa94a92148a62983144fdecff2130ee120d
Score

3^/10

discovery
behavioral15 behavioral16
- Target
  
  Nezur_Interface.exe.WebView2/EBWebView/BrowserMetrics-spare.pma
- Size
  
  1.2MB
- MD5
  
  1045bfd216ae1ae480dd0ef626f5ff39
- SHA1
  
  377e869bc123602e9b568816b76be600ed03dbd0
- SHA256
  
  439292e489a0a35e4a3a0fe304ea1a680337243fa53b135aa9310881e1d7e078
- SHA512
  
  f9f8fcc23fc084af69d7c9abb0ef72c4684ac8ddf7fa6b2028e2f19fd67435f28534c0cf5b17453dfe352437c777d6f71cfe1d6ad3542ad9d636263400908fd2
- SSDEEP
  
  3::
Score

3^/10

discovery
behavioral17 behavioral18
- Target
  
  Nezur_Interface.exe.WebView2/EBWebView/BrowserMetrics/BrowserMetrics-6758B082-4D3C.pma
- Size
  
  1.2MB
- MD5
  
  542ace663b50480a6557c6c614305c04
- SHA1
  
  07bd6451e514ebd17b85974b99a460408d8da780
- SHA256
  
  e70847dc942ae21ce51b8d8b9e4273f6b467d3e57250ecfd26def3eb029cb59e
- SHA512
  
  68942eb72a7f5e10d0360bacb7d4a6ee0c89e9a2f6a57942496c833dcccd80c6267434282b60343a60477ae7873d88255aaa7a3f23b2bf3103260c400bd8d4e7
- SSDEEP
  
  3072:3kvjG1KzbibYg1HFZU0CvOT1CTbGiumFHZBD3XQ8:3kvi1K/ibYaH7U7vOT1CTbGQBD3XQ8
Score

3^/10

discovery
behavioral19 behavioral20
- Target
  
  Nezur_Interface.exe.WebView2/EBWebView/CertificateRevocation/6498.2024.12.2/crl-set
- Size
  
  21KB
- MD5
  
  846feb52bd6829102a780ec0da74ab04
- SHA1
  
  dd98409b49f0cd1f9d0028962d7276860579fb54
- SHA256
  
  124b7eeba31f0e3d9b842a62f3441204beb13fade81da38b854aecba0e03a5b4
- SHA512
  
  c8759e675506ccc6aa9807798252c7e7c48a0ab31674609738617dc105cee38bce69d4d41d6b95e16731466880b386d35483cbeea6275773f7041ba6e305fae9
- SSDEEP
  
  384:qt71+UBzeWhU6yVS2Ddc0fp/9yYoIJgWUeJuDzeG0LOsr2h9ltQYX9hVPz/HG1pA:a4GBwVPDdFhVyYoPWUiuXeG0K5dQYXFr
Score

1^/10
behavioral21 behavioral22
- Target
  
  Nezur_Interface.exe.WebView2/EBWebView/CertificateRevocation/6498.2024.12.2/manifest.fingerprint
- Size
  
  66B
- MD5
  
  dee9d3bdd016c697d11e370a995e7332
- SHA1
  
  ef13d667efd507e160de165f4f1fe918fc728ca2
- SHA256
  
  a84789942c4436967dba5d0ce45a3f6767bcfebf67b951fbef75cca32e9acd96
- SHA512
  
  1c798ed77fcaccc5ec237cb6618e6425fb7dbbe5f22b2a969b915987fda4be8ecadc265871832f0b7f9b5656433c27f8495eceb16598294fab80e709b2cb3d68
Score

3^/10

discovery
behavioral23 behavioral24
- Target
  
  Nezur_Interface.exe.WebView2/EBWebView/CertificateRevocation/6498.2024.12.2/manifest.json
- Size
  
  114B
- MD5
  
  e6cd92ad3b3ab9cb3d325f3c4b7559aa
- SHA1
  
  0704d57b52cf55674524a5278ed4f7ba1e19ca0c
- SHA256
  
  63dfb8d99ce83b3ca282eb697dc76b17b4a48e4065fc7efafb77724739074a9d
- SHA512
  
  172d5dc107757bb591b9a8ed7f2b48f22b5184d6537572d375801113e294febfbe39077c408e3a04c44e6072427cbe443c6614d205a5a4aa290101722e18f5e8
Score

3^/10

discovery
behavioral25 behavioral26
- Target
  
  Nezur_Interface.exe.WebView2/EBWebView/Crashpad/settings.dat
- Size
  
  280B
- MD5
  
  1d067422203aa571d41510689a583844
- SHA1
  
  4c9b41c316a6181dbfab735f02514036287de223
- SHA256
  
  800d6b853b242b40d4b1ab7948cbc3389d6695f1ee32c9b90c702e04e328fecb
- SHA512
  
  43216ab64994b23579fd50c37f9d798cf4a15ade28eabbdb9abc5457d288cc909c14277fdcbbd7124527172cfb57f36f0e0492bb1ae6f355c24e4087a02b6d27
Score

3^/10

discovery
behavioral27 behavioral28
- Target
  
  Nezur_Interface.exe.WebView2/EBWebView/Crashpad/throttle_store.dat
- Size
  
  20B
- MD5
  
  9e4e94633b73f4a7680240a0ffd6cd2c
- SHA1
  
  e68e02453ce22736169a56fdb59043d33668368f
- SHA256
  
  41c91a9c93d76295746a149dce7ebb3b9ee2cb551d84365fff108e59a61cc304
- SHA512
  
  193011a756b2368956c71a9a3ae8bc9537d99f52218f124b2e64545eeb5227861d372639052b74d0dd956cb33ca72a9107e069f1ef332b9645044849d14af337
Score

3^/10

discovery
behavioral29 behavioral30
- Target
  
  Nezur_Interface.exe.WebView2/EBWebView/Default/Cache/Cache_Data/data_0
- Size
  
  44KB
- MD5
  
  252e5d3a9cd89e918aae00247c06f7a9
- SHA1
  
  b87ec899b54e99aa59e988f24f353b40fc08cc2d
- SHA256
  
  2389fe57daee0e0e2b196800477087348a1e8027eb2b7e9b7db39595bfd2db4e
- SHA512
  
  2f0a7e3ca2b198e056fbfbd644650bbcdc5ec3597c3da0ef40a8f96c162e5afe36163326942fb0a95541efcb30853d05753c3191e47b91e058f8297f7374213c
- SSDEEP
  
  6:/FoEXEmHX1ikNUAkX1+V+Jdq0outRcLSleNiwP3UerpXn6lQb:d7XVHX1HNUzX1s+s0ouzySFaUkp36Kb
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32