General
-
Target
Nukre_Server.exe
-
Size
6.9MB
-
Sample
241223-qvfkss1kex
-
MD5
fc97ce2cbe7c496d863bd4770b7505fb
-
SHA1
9556024741342c6aebf38921062ef2e63e5a2678
-
SHA256
5236df56270cdf6180883a2b170630a07d2dcfc84d7efec7e815f7e65b1af5ab
-
SHA512
583b2fa082a345a8fc0727c8901f944ef882daf2701c13ea8fad3f8810fa6b62b60bee7348ff91b173d7de9f94aade708af70e7ddf9810edc51a6dee96465c8d
-
SSDEEP
98304:gjDjWM8JEE1FwamaHl3Ne4i3Tf2PkOpfW9hZMMoVmkzhxIdfXeRpYRJJcGhEIFWr:gj0PeNTfm/pf+xk4dWRpmrbW3jmry
Behavioral task
behavioral1
Sample
Nukre_Server.exe
Resource
win11-20241007-en
Behavioral task
behavioral2
Sample
��Kp.pyc
Resource
win11-20241007-en
Malware Config
Targets
-
-
Target
Nukre_Server.exe
-
Size
6.9MB
-
MD5
fc97ce2cbe7c496d863bd4770b7505fb
-
SHA1
9556024741342c6aebf38921062ef2e63e5a2678
-
SHA256
5236df56270cdf6180883a2b170630a07d2dcfc84d7efec7e815f7e65b1af5ab
-
SHA512
583b2fa082a345a8fc0727c8901f944ef882daf2701c13ea8fad3f8810fa6b62b60bee7348ff91b173d7de9f94aade708af70e7ddf9810edc51a6dee96465c8d
-
SSDEEP
98304:gjDjWM8JEE1FwamaHl3Ne4i3Tf2PkOpfW9hZMMoVmkzhxIdfXeRpYRJJcGhEIFWr:gj0PeNTfm/pf+xk4dWRpmrbW3jmry
-
Clipboard Data
Adversaries may collect data stored in the clipboard from users copying information within or between applications.
-
Executes dropped EXE
-
Loads dropped DLL
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Obfuscated Files or Information: Command Obfuscation
Adversaries may obfuscate content during command execution to impede detection.
-
Enumerates processes with tasklist
-
-
-
Target
��Kp.pyc
-
Size
1KB
-
MD5
0610bf8eedc6a03d9a60f81e67fd7b46
-
SHA1
0248157e6aa441b120ef65dc769771f22f7bcb39
-
SHA256
6828121c36abada23f2411cc62f2b39d07276a12f1b46f190e526853fb96b5b4
-
SHA512
ec04857578f3cf1d95ec360e3bc4839173a35a42c4bdbebb7ec416e618624819376957c311f6228b6ee30f909d0d52a367c07b86460314620f22b235936e911a
Score1/10 -
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
3Credentials In Files
3