General
-
Target
Nexol.zip
-
Size
363KB
-
Sample
250108-3zewaaypct
-
MD5
a3191414fe7f2113b05ce279ed66ac93
-
SHA1
6723409a245ddcfd12bd52164809aee52a046e2f
-
SHA256
7068348e72d1c5fc809cbe89f2be6a51459e8861c99dff71b18dbc7cde35c2ee
-
SHA512
4ed196bc80aa51c325d98a7e3c926e4dc2e5abe834994f75efe78f3fda6d6b46822d19ffd1fb24233ec2f4c5e560e8dc2d68188fa7e70869ed9646ee5045e1ce
-
SSDEEP
6144:s6Bl+AZSVH2eCMRdbwY/6U93uZEqRZyQmj3khxPb61yV4MW8guHOmvOX7LRiTNE:1XBCnVRdsYP1uZOAbW84kguHLORia
Static task
static1
Behavioral task
behavioral1
Sample
Nexol.exe
Resource
win10ltsc2021-20241211-en
Malware Config
Extracted
lumma
Targets
-
-
Target
Nexol.exe
-
Size
400KB
-
MD5
452a78e8f8426755df51232f79625d03
-
SHA1
77ef222547c42d9c022f39e1ba1ef14295e2fd71
-
SHA256
6260e990f752752a447c4fa2d65de92c6c793a9b725c55794c9e03270c143b47
-
SHA512
546432493e592a86c3b05dd9ad2c0a9fb0d46f2523d3b9f36a8cb14a972a05ac6bc1686ca08bac987642c9b864df7f0772f7536738ab459dd2ef1d54106982e0
-
SSDEEP
6144:80bS4ZyK0FboqEMJYYPN/6Ur3uZEqRryQml3khxPZ61yV4MWYguHOsvOX5LR4T6s:80b9ATBNPLuZUiZW84QguHjeRgP
-
Lumma family
-
.NET Reactor protector
Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
-
Suspicious use of SetThreadContext
-