General
-
Target
Nukre_Server.exe
-
Size
6.9MB
-
Sample
241223-qxdtzs1maq
-
MD5
fc97ce2cbe7c496d863bd4770b7505fb
-
SHA1
9556024741342c6aebf38921062ef2e63e5a2678
-
SHA256
5236df56270cdf6180883a2b170630a07d2dcfc84d7efec7e815f7e65b1af5ab
-
SHA512
583b2fa082a345a8fc0727c8901f944ef882daf2701c13ea8fad3f8810fa6b62b60bee7348ff91b173d7de9f94aade708af70e7ddf9810edc51a6dee96465c8d
-
SSDEEP
98304:gjDjWM8JEE1FwamaHl3Ne4i3Tf2PkOpfW9hZMMoVmkzhxIdfXeRpYRJJcGhEIFWr:gj0PeNTfm/pf+xk4dWRpmrbW3jmry
Behavioral task
behavioral1
Sample
Nukre_Server.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
Nukre_Server.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
Nukre_Server.exe
-
Size
6.9MB
-
MD5
fc97ce2cbe7c496d863bd4770b7505fb
-
SHA1
9556024741342c6aebf38921062ef2e63e5a2678
-
SHA256
5236df56270cdf6180883a2b170630a07d2dcfc84d7efec7e815f7e65b1af5ab
-
SHA512
583b2fa082a345a8fc0727c8901f944ef882daf2701c13ea8fad3f8810fa6b62b60bee7348ff91b173d7de9f94aade708af70e7ddf9810edc51a6dee96465c8d
-
SSDEEP
98304:gjDjWM8JEE1FwamaHl3Ne4i3Tf2PkOpfW9hZMMoVmkzhxIdfXeRpYRJJcGhEIFWr:gj0PeNTfm/pf+xk4dWRpmrbW3jmry
-
Clipboard Data
Adversaries may collect data stored in the clipboard from users copying information within or between applications.
-
Executes dropped EXE
-
Loads dropped DLL
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Obfuscated Files or Information: Command Obfuscation
Adversaries may obfuscate content during command execution to impede detection.
-
Enumerates processes with tasklist
-
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
3Credentials In Files
3