neshta | 63ce1d90d0fc261f2b5daa7d7c96c265c4a758e0e1ea4e7a915f9e0d92c332a5

Sharing

Copy URL

Twitter E-mail

General

Target

Nonelucid.rar
Size

38.8MB
Sample

250110-tal4ma1ndk
MD5

8fb5b05cfde9da805c821c7214680a2d
SHA1

9ce6ec088d2ac423e6d87401f3d5be4904003fd2
SHA256

63ce1d90d0fc261f2b5daa7d7c96c265c4a758e0e1ea4e7a915f9e0d92c332a5
SHA512

4180212f461bea9691e53135f67baabb824951a6a79dd370b9a6705d844110a1dd7da34103566705ff0d7506f84627b69d07aa51ede6f81fefc9781dd0674b28
SSDEEP

786432:WUcKcrdEVRcCBJUR8N4JsrHNS91YUMoY+pNMNNy:WCcr6RcEUR8CYNsMqpQy

Score

10^/10

Malware Config

Targets

- Target
  
  Plugins/WinLock.exe
- Size
  
  891KB
- MD5
  
  cdbe850565706b891062307110fb8621
- SHA1
  
  8cd2bfddbfdb1138c7a70fdbd9891fddf26fcf35
- SHA256
  
  156f74c4a5484fa089bfbd15fbf939236883d8e6f95fc4e33d66815c404cea24
- SHA512
  
  fc506f420dfd9f902efef09ce2d01ff79e4c2e3bd156d3abf2c67f111436abbf18c01847df765d2a28efc4ad32bbd7687d08455535d8b93682ae4e341ee8d664
- SSDEEP
  
  12288:tWDhf20eRDLS+F5B9gZfEpnRJVk/kZFl7Io4cV17R5PuxNRZnWOra2L:YF2BDLSY6fcR34ybN4cV17RVSNRZn82
Score

8^/10

discovery evasion persistence
- Adds policy Run key to start application
  persistence
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- Adds Run key to start application
  persistence
behavioral1 behavioral2
- Target
  
  Plugins/WinlockBild.exe
- Size
  
  812KB
- MD5
  
  bb2d242277e1bec8146b92d6926d22d1
- SHA1
  
  96854ddc6433fbb9cb9a92784b9756b17bed42d5
- SHA256
  
  54389bbeec15ee04c7615d6dbff07410b8a9a1f89db4e387f37abdb5bad95b26
- SHA512
  
  04b6852d710eaa00b20004628df253f43337d045174bbf2856fd35347c5499ce4b0794eb4cf40b94fac52ae7e316e6f01f883ed02b7f4b9fb791410a41d3dad8
- SSDEEP
  
  12288:GWDhf20eRDLS+F5B9gZfEpnRJVk/kZFl7IJJqnTGOw11VFhL78Ol:7F2BDLSY6fcR34yb8qnSJ11VFt78Ol
Score

8^/10

discovery evasion persistence
- Adds policy Run key to start application
  persistence
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- Adds Run key to start application
  persistence
behavioral3 behavioral4
- Target
  
  Plugins/ethminer
- Size
  
  4.4MB
- MD5
  
  38cfdd6cac508c40137ee45dc6857a59
- SHA1
  
  199f87fd7bb827b75543141acf580f4e53417595
- SHA256
  
  7ca69c624f9745a11ece45baaec80a3e7b596199d4997b4a3a07caecb0cb02d7
- SHA512
  
  d4dc8f03288c09c82308025e138c027335067cd6b88ef078ae6a6ec2a79f12e69628ca52a08c19cf0b985acee301c0b823b42ef9830fa94c305f2377c29deb50
- SSDEEP
  
  49152:23LsR5jcDqJFfM0UZ+jkpXEIQwog9U2jU4AgIrHv2DR/1w+piac1wgmHyP3wn/z6:Uy5zTjMJzi01Zca7Uwn/t
Score

1^/10
behavioral5 behavioral6
- Target
  
  Stub/Client.exe
- Size
  
  78KB
- MD5
  
  3bfba5fe0cdf4939622b8ad6b7d783dc
- SHA1
  
  0c7c1baff99898ba7ba8058e989789dba6d38f34
- SHA256
  
  0d1f08481f98b99629ac465efcabf5c91c84ad09b1474ad381a7a342767e8ec4
- SHA512
  
  5cadb73f73df3bf5dd5bba87af0c1c8f9ba036143352f96416bbb53d114cf28d4b281914d4a7444e4ced5b2ace40a79cdba3ad1385e048cdeb1c66b9f30a1131
- SSDEEP
  
  1536:665rmfWK8vxj3eHVqqMkkrpkL3588H8a+pspKlmUD4JrvYq5ZcpqKmY7:6kqfWK8vxj3eHVqqMkkrpK353H8a+pUf
Score

1^/10
behavioral7 behavioral8
- Target
  
  Stub/Criptor.exe
- Size
  
  26KB
- MD5
  
  55304fba6f0df55a53ffa3ade5e28400
- SHA1
  
  57ded2c61a129ece115f24bb81eaea2b6919a292
- SHA256
  
  bb0d209d5f80f7a98d13105082c66de729a45ac3edcedcd5d461247d770c1f0e
- SHA512
  
  606da5e1caf71d643ca0806a997193d5cdeafcc9d2e5bce3886cbfdcefb6a84c83c534042d62a0274ef17a775e87958ad9e616abab75a91911cf14872fa64d95
- SSDEEP
  
  384:6JSAghLajiI72q9ycnlNHHVHm2U8jNSwZygidcJi5UjW79XkjOrpLoBGxCt:6uaeUF9ycl5VH2Avhusi5UjWJDq
Score

1^/10
behavioral10 behavioral9
- Target
  
  Stub/Loader.exe
- Size
  
  5KB
- MD5
  
  3225ce4873a8b6b94ddea9e18e2445f6
- SHA1
  
  6437d33dc2e0eca711d6a80ef9fa87a5dd21a75f
- SHA256
  
  679f0abb99cb973e2164b51408f2863091e5dabf3fe7729a8683360a92c69db5
- SHA512
  
  fb7bb26572ef0174fc4eb921d286877e176aaecf83057ae862324406d25d3e3c7406f10991fb01ae3924f57c5fa5f8215712e0fba6aa0d68402ef8746bc14eed
- SSDEEP
  
  48:6jspjNKjkecyNMF+e9Bz/b986sgamLmTZsFtoJlShKtF:+CEW3+e9BzLslmLm7e
Score

1^/10
behavioral11 behavioral12
- Target
  
  Stub/net5.0/ref/Obfs.dll
- Size
  
  14KB
- MD5
  
  ec9ec0b0d487d0c9d29e55c56753b864
- SHA1
  
  e75720cc8f21eed5bcbef71062c16b737ade9c91
- SHA256
  
  6e4a5284e68f2411be0e3140a1765cf3a5cbabe575ada63d7799ee6c679c869b
- SHA512
  
  85335280a5a92f2a72edcb4dadc9250a5ee1ff36990f2bcd771eba2d98d7a65966ae179c371daf1b48139a33487c4b719866d5da7b44ae8de8283f98f46c37d2
- SSDEEP
  
  192:6diyL2uyArhfIfuGHBopK6wwaOgRndkCDg0v5tF47D:RyHtdIfthiKt0mndkCZo
Score

1^/10
behavioral13 behavioral14
- Target
  
  Stub/netcoreapp5.0/Obfuscator.dll
- Size
  
  68KB
- MD5
  
  7e2c05e4f7c021c2520f019fb5fa771e
- SHA1
  
  42e62a43b68ff7ba49d48a5fb88629c7206bd927
- SHA256
  
  b3faefa2877aae7d01afcd2b61dffeaa2ef369e5d63c4241bea43059bc42b18e
- SHA512
  
  f5fc9fa007d892dbaee28b1692f975470fa3e6b60dcfbd622703bc0ca72121a2da46c85de882a95a63d616980d2a5f9c4c83b63bfcbe07daf2eecea3cd27aa6f
- SSDEEP
  
  1536:pxrcJwn+oUG+WPusxGHX3gP/G68+qbjNH09XbuCk9w5S/i+/N:pxrcJwD+gLGHC8DWtbuCN5S6+/N
Score

1^/10
behavioral15 behavioral16
- Target
  
  Stub/netcoreapp5.0/Obfuscator.exe
- Size
  
  123KB
- MD5
  
  696e8fa514a48b48582c7c1346105ab1
- SHA1
  
  0ec9137a79a5a8f328ad61225c985f9bfa932d72
- SHA256
  
  58ed4b876e1ab1410eb2b8a69f72d9e9e71d3ed99f5210f55d5a924fb3e6aa69
- SHA512
  
  696cf6845bafd7296d73ad9a134821daf4867a033c28d15c56c69ed7ee9d186d3d0262c387b9b391f2f325a71ba8d1bab3500ece2e0749ff7438f0cb205e836c
- SSDEEP
  
  3072:Nl0xIHQmEbGliHk29+E8Ufjo11NVG/sJ7xPzvfWC5:T9RPG/s/TfWC
Score

1^/10
behavioral17 behavioral18
- Target
  
  Stub/netcoreapp5.0/ref/Obfuscator.dll
- Size
  
  14KB
- MD5
  
  75563750012105583645516053326467
- SHA1
  
  84a635bc884112fb719df2aaf926a4f3984d6b93
- SHA256
  
  7c081fdfe5d542888565834b0985deb6eef84f506e415708d7c813bc45f76ef7
- SHA512
  
  6a90a226a4b97c98ea7f79d5d6a1a8c1dc24e632e35ffbf07016c6816d3fc7c2f90db5bc61adcff9ea1a0d6004b6a7ea8ae845753a86dd0a394af869f3ff4ac6
- SSDEEP
  
  192:UN7eJ/sNDlraKTpNPsz4VQtCozmuK6wcaOyptjkCDrsbxwU9:ZJ/kpWq7Pm4VQt1zmuKtQ0tjkCyyU
Score

1^/10
behavioral19 behavioral20
- Target
  
  Stub/tempClient.exe
- Size
  
  75KB
- MD5
  
  9b1b21fe9b8ab2fb386dd5794c272baf
- SHA1
  
  3e6cd9d07b8ece706697f332ac9f32de5ecaf086
- SHA256
  
  9a8dbbe51d9c9af6f5441e9df456ec33f1fdb00e576363c72d28dcf38ea60a6e
- SHA512
  
  4f219094d83cd27f8ad820c0698adb5047cf53ac6fd9980b8d98ec07d2eb213cac88f23dfd0fff81c1aa7c8249ef5affdb2ebbf92444db213eb1fc37caabfb12
- SSDEEP
  
  1536:a0h0+0sez0B2GVewVUASbsLeOfcHrtpqKmY7:a0B7eQB2Ge3ASbsSyU2z
Score

1^/10
behavioral21 behavioral22

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Adds policy Run key to start application

Disables RegEdit via registry modification

Disables Task Manager via registry modification

Adds Run key to start application

Adds policy Run key to start application

Disables RegEdit via registry modification

Disables Task Manager via registry modification

Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22