General

  • Target

    Nibiru.bin.zip

  • Size

    69KB

  • Sample

    201006-xqf4sy62bx

  • MD5

    4d6662d7d3281451ec4b11f820a5344a

  • SHA1

    4037b5d954b4f44cbe6e2ffd7ab29e777e106e07

  • SHA256

    14f025b6400e2f3db5ba60a78812501e658f19929e1ffea669677596482140ff

  • SHA512

    cc297427ad5773cc552d282f370f7b8f5e463ae83533941714125f6b0f8775279b67a60ef22026389b9dff9e1ad7b197eec18e072703c1963bb37ef440e72db2

Malware Config

Targets

    • Target

      Nibiru.bin

    • Size

      121KB

    • MD5

      49d9d587a88074016a2042bdb42b9441

    • SHA1

      5659837b54f1c48318025051c8541aa915b80aac

    • SHA256

      e0a681902f4f331582670e535a7d1eb3d6eff18d3fbed3ffd2433f898219576f

    • SHA512

      ad8a1f71eeea4dea8073886563191bce9aff27a5c0f28e1f23362787f8a759635996a0434d73792351f30bcbfbe17c455aa4774ff366cc6a79e18c7fc7e3c65d

    • Modifies Installed Components in the registry

      Active Setup (HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components) runs each component's StubPath once per user at logon, so new entries under this key are a common persistence mechanism.

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, such as saved credentials, cookies and autofill data.
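
The following is an added triage check, not part of the sandbox output, for the "Modifies Installed Components in the registry" behaviour above. It parses a .reg export of the Active Setup key and flags components whose StubPath executable lives outside the Windows and Program Files directories. The .reg text, the component GUIDs starting with A1B2C3D4 and the trusted-prefix list are constructed assumptions for the demo; nothing here is taken from the Nibiru sample.

```python
"""Flag Active Setup 'Installed Components' entries whose StubPath lives outside trusted directories.

Added example for this report (not part of the sandbox output). Active Setup runs
each component's StubPath once per user at logon, which is why writes to
HKLM\\SOFTWARE\\Microsoft\\Active Setup\\Installed Components are a persistence indicator.
The .reg text below is constructed for the demo; it is not from the Nibiru sample.
"""
import re
from typing import Dict, List, Tuple

# Constructed .reg export. Real exports are UTF-16LE; decode before passing them in.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
"StubPath"="C:\\Windows\\System32\\unregmp2.exe /ShowWMP"
"Version"="12,0,0,0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{A1B2C3D4-0000-0000-0000-000000000001}]
"StubPath"="C:\\Users\\Public\\update.exe -s"
"IsInstalled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{A1B2C3D4-0000-0000-0000-000000000002}]
"StubPath"="\"C:\\Users\\alice\\AppData\\Roaming\\svchost.exe\""
"""

ACTIVE_SETUP = "\\software\\microsoft\\active setup\\installed components\\"
# Directories a legitimate StubPath normally points into (demo assumption;
# extend for the estate, e.g. ProgramData paths used by managed software).
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")

KEY_RE = re.compile(r"^\[(.+)\]\s*$")
STRING_VALUE_RE = re.compile(r'^"([^"]+)"="(.*)"\s*$')


def parse_reg(text: str) -> Dict[str, Dict[str, str]]:
    """Parse REG_SZ values from a .reg export into {key: {name: value}}.

    Only string values are needed here; dword/hex values are skipped. The .reg
    format escapes backslashes and quotes inside strings, so that is undone.
    """
    entries: Dict[str, Dict[str, str]] = {}
    current = None
    for line in text.splitlines():
        key = KEY_RE.match(line)
        if key:
            current = key.group(1)
            entries[current] = {}
            continue
        value = STRING_VALUE_RE.match(line)
        if value and current is not None:
            name, raw = value.groups()
            entries[current][name] = raw.replace('\\"', '"').replace("\\\\", "\\")
    return entries


def stub_executable(stubpath: str) -> str:
    """Return the executable part of a StubPath command line, lower-cased."""
    cmd = stubpath.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        exe = cmd[1:end] if end > 0 else cmd[1:]
    else:
        exe = cmd.split(" ", 1)[0]
    return exe.lower()


def suspicious_active_setup(reg_text: str) -> List[Tuple[str, str]]:
    """Return (component GUID, executable) for StubPaths outside TRUSTED_PREFIXES."""
    findings = []
    for key, values in parse_reg(reg_text).items():
        if ACTIVE_SETUP not in key.lower():
            continue
        stub = values.get("StubPath")
        if not stub:
            continue
        exe = stub_executable(stub)
        if not exe.startswith(TRUSTED_PREFIXES):
            findings.append((key.rsplit("\\", 1)[-1], exe))
    return findings


if __name__ == "__main__":
    for guid, exe in suspicious_active_setup(SAMPLE_REG):
        print(f"suspicious StubPath {guid}: {exe}")
```

On a live host the same check can be run against `reg export "HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" out.reg`, decoded from UTF-16LE; a flagged entry is worth comparing against the Persistence tactic hit in the ATT&CK matrix below.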

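The "Modifies extensions of user files" signature above is the file-system side of ransomware activity. As an added example that is not part of the sandbox output, the detection below replays constructed file-rename events and alerts when many files gain the same new extension inside a short window. The event format, the `.locked` extension, the 60-second window and the threshold of 10 are assumptions for the demo; the report does not state which extension Nibiru appends.

```python
"""Detect the mass extension-change pattern behind 'Modifies extensions of user files'.

Added example for this report (not sandbox code). It replays constructed file-rename
events and alerts when many files gain the same new extension inside a short window.
The '.locked' extension, the 60-second window and the threshold of 10 are assumptions
for the demo; the report does not state what extension Nibiru uses.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone
from pathlib import PureWindowsPath
from typing import Dict, Iterator, List, Optional, Tuple

# Constructed event format: "<ISO-8601 UTC> RENAME <old path> -> <new path>", oldest first.
LINE_RE = re.compile(r"^(\S+) RENAME (.+?) -> (.+)$")


def parse_events(lines: List[str]) -> Iterator[Tuple[datetime, str, str]]:
    """Yield (timestamp, old path, new path) for each well-formed rename line."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            ts = datetime.fromisoformat(m.group(1).replace("Z", "+00:00"))
            yield ts, m.group(2), m.group(3)


def extension_change(old: str, new: str) -> Optional[str]:
    """Return the new suffix if the rename appended or replaced the extension, else None."""
    o, n = PureWindowsPath(old), PureWindowsPath(new)
    if o.parent != n.parent or not n.suffix or n.suffix == o.suffix:
        return None
    appended = n.name == o.name + n.suffix          # report.docx -> report.docx.locked
    replaced = bool(o.suffix) and n.stem == o.stem  # report.docx -> report.locked
    return n.suffix.lower() if appended or replaced else None


def detect_mass_renames(lines: List[str], window_seconds: int = 60, threshold: int = 10) -> List[Dict]:
    """Sliding window per new extension; fire once per extension when the threshold is reached."""
    recent: Dict[str, deque] = defaultdict(deque)
    alerts: List[Dict] = []
    fired = set()
    for ts, old, new in parse_events(lines):
        ext = extension_change(old, new)
        if ext is None:
            continue
        window = recent[ext]
        window.append(ts)
        while (ts - window[0]).total_seconds() > window_seconds:
            window.popleft()
        if len(window) >= threshold and ext not in fired:
            fired.add(ext)
            alerts.append({"extension": ext, "count": len(window), "first": window[0], "last": ts})
    return alerts


def build_sample() -> List[str]:
    """Constructed events: one benign rename, then 12 files renamed to .locked within 22 seconds."""
    start = datetime(2020, 10, 6, 12, 0, 0, tzinfo=timezone.utc)
    docs = "C:\\Users\\alice\\Documents\\"
    lines = [f"2020-10-06T11:59:00Z RENAME {docs}draft.docx -> {docs}final.docx"]
    for i in range(12):
        ts = (start + timedelta(seconds=2 * i)).strftime("%Y-%m-%dT%H:%M:%SZ")
        lines.append(f"{ts} RENAME {docs}file{i}.xlsx -> {docs}file{i}.xlsx.locked")
    return lines


if __name__ == "__main__":
    for a in detect_mass_renames(build_sample()):
        print(f"{a['count']} files renamed to {a['extension']} between {a['first']} and {a['last']}")
```

The per-extension window is what separates this from ordinary user activity: a user renaming one document does not move the counter, while an encryptor walking a directory tree produces a burst of renames that all share the new suffix. Sysmon (Event ID 11) or EDR file telemetry can be mapped into the same three fields to feed the detector.
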
MITRE ATT&CK Matrix (ATT&CK v6)

  • Persistence

    Registry Run Keys / Startup Folder (T1060), 1 hit

  • Defense Evasion

    Modify Registry (T1112), 1 hit

  • Credential Access

    Credentials in Files (T1081), 1 hit

  • Collection

    Data from Local System (T1005), 1 hit

Technique IDs above follow ATT&CK v6. T1060 and T1081 were later deprecated; in current ATT&CK they correspond to T1547.001 (Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder) and T1552.001 (Unsecured Credentials: Credentials in Files).

Tasks