0c31c6a241a8b45dbe172328800aad3e89145073b6f49e02dc3105cb4dcfd6d6 | Triage

Sharing

General

Target

NYX 2.0 FIXED.zip
Size

5.4MB
Sample

240630-kt6spsyepj
MD5

66f99ee31c06338b56f54daade5b11d0
SHA1

499dad7369984f19de95395ab223a7e197a3b9a0
SHA256

0c31c6a241a8b45dbe172328800aad3e89145073b6f49e02dc3105cb4dcfd6d6
SHA512

a71feb56e525c4e2f6377d4f3c00d712fa4e80773a36888d6231c449c7ef2769a9a392032064ec2f3580fe33f80c821ca6cb30be89a4990470b7a5aaab5d2752
SSDEEP

98304:f8zPw4/iD45FrZcV3KJ0M9LiOMa9Wr8LKVowjq0b9v/J+VHwQMTO+MA6cBmbpj:f8zPw4i45NZckn9HWQLv0bJuuX9i

Score

9^/10

evasion execution themida trojan

Malware Config

Targets

- Target
  
  Release/DiscordRPC.dll
- Size
  
  82KB
- MD5
  
  3956130e36754f184a0443c850f708f8
- SHA1
  
  4874cd51b0fa5652ed84e3b0c123bee05dcdffc8
- SHA256
  
  25c39f91f737d80040c72c9e3f95db0fece1c9653f501828adc16cfb1ec59d26
- SHA512
  
  157143dd69378e9914ddbb934229cfbc99ae7d80f4f787b7799fc254054d2c7b1e6f4551cddea30470e28b61309f858fcdb2d009b1c32953dfe5ea7fe78e9e48
- SSDEEP
  
  1536:RICqBkny2//yF9999999999dGxde6HYPM4Q+mRxpSNh:RNy2//yF9999999999dn6b4Q+mWh
Score

1^/10
behavioral1 behavioral2
- Target
  
  Release/MetroFramework.Design.dll
- Size
  
  16KB
- MD5
  
  ab4c3529694fc8d2427434825f71b2b8
- SHA1
  
  7be378e382e43eae84f1567b3570bca9a67e7697
- SHA256
  
  0a4a96082e25767e4697033649b16c76a652e120757a2cecab8092ad0d716b65
- SHA512
  
  02d7935f68c30457da79ad7b039b22caed11d8aedfec7c96619ac6da59ceb7c5e7a758dced64ec02d31c37a2befccdc8eb59be9e2dc849aa2bc22fabb5fa00a5
- SSDEEP
  
  384:HYAB8KPALBamLG3gckiBTVU6sgFf5L7WTOYKpKG4rw:HyLBamS3gckiBTVkgiVXr
Score

1^/10
behavioral3 behavioral4
- Target
  
  Release/MetroFramework.Fonts.dll
- Size
  
  656KB
- MD5
  
  65ef4b23060128743cef937a43b82aa3
- SHA1
  
  cc72536b84384ec8479b9734b947dce885ef5d31
- SHA256
  
  c843869aaca5135c2d47296985f35c71ca8af4431288d04d481c4e46cc93ee26
- SHA512
  
  d06690f9aac0c6500aed387f692b3305dfc0708b08fc2f27eaa44b108908ccd8267b07f8fb8608eef5c803039caeabf8f88a18b7e5b1d850f32bbb72bcd3b0b7
- SSDEEP
  
  12288:O+/9JcJlYqCNktA+SXfGpq2fHowSqCNktA+SXfvJR9FrIJJaqCNktA+SXfUC:O+/3qlrCNoh+UqgIwhCNoh+JR9FrIJJw
Score

1^/10
behavioral5 behavioral6
- Target
  
  Release/MetroFramework.dll
- Size
  
  345KB
- MD5
  
  34ea7f7d66563f724318e322ff08f4db
- SHA1
  
  d0aa8038a92eb43def2fffbbf4114b02636117c5
- SHA256
  
  c2c12d31b4844e29de31594fc9632a372a553631de0a0a04c8af91668e37cf49
- SHA512
  
  dceb1f9435b9479f6aea9b0644ba8c46338a7f458c313822a9d9b3266d79af395b9b2797ed3217c7048db8b22955ec6fe8b0b1778077fa1de587123ad9e6b148
- SSDEEP
  
  6144:M4S7k5hdCpU4YqfkUGz6KpQQZQHDXjNCdOZgLdL5DXBK:M4S7k5hdCEQHP1Zgj
Score

1^/10
behavioral7 behavioral8
- Target
  
  Release/Newtonsoft.Json.dll
- Size
  
  685KB
- MD5
  
  081d9558bbb7adce142da153b2d5577a
- SHA1
  
  7d0ad03fbda1c24f883116b940717e596073ae96
- SHA256
  
  b624949df8b0e3a6153fdfb730a7c6f4990b6592ee0d922e1788433d276610f3
- SHA512
  
  2fdf035661f349206f58ea1feed8805b7f9517a21f9c113e7301c69de160f184c774350a12a710046e3ff6baa37345d319b6f47fd24fbba4e042d54014bee511
- SSDEEP
  
  12288:U9BzaPm657wqehcZBLX+HK+kPJUQEKx07N0TCBGiBCjC0PDgM5j9FKjc3Q5:U8m657w6ZBLmkitKqBCjC0PDgM5A5
Score

1^/10
behavioral10 behavioral9
- Target
  
  Release/Nyx.exe
- Size
  
  3.5MB
- MD5
  
  00ec60cd1add4a2f61e48c7b0a6c810f
- SHA1
  
  174af7f09725d67d522e65066d3e3662da50a4e2
- SHA256
  
  df4da6874570d3e753519898684bbad60378725d24f9557f5d5294fcfd795a29
- SHA512
  
  244afaa72bea7b46633dbaf79bdac388dfaf190e88d3a7675d16b36cfaeb39e9b47f1dc6ac1ddc059c64e091dfff562460ac83f9e669e42c3f90ac9fc44c1003
- SSDEEP
  
  98304:zcwncs4fUCBRTna03MfhwbIZosECIMRvl:Ywnc3HdahZ4IgCr
Score

9^/10

evasion themida trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral11 behavioral12
- Target
  
  Release/Siticone.UI.dll
- Size
  
  1.3MB
- MD5
  
  750c58af2e56b6addecffcf152520ab8
- SHA1
  
  14995e7f1d12498606d9d209d78d55fe6fd87802
- SHA256
  
  27c56a28cbde094157206da1bfcd7a395111ab97b8a5ff600b11c2175dcefb26
- SHA512
  
  2179790e23f61b3dfea828457f8609279c70b1e071cddc73b1dbda02caa664e0aae2553fc24a4956f9e89c477d66b1a704bde26fa23bc6db26c19e18db00abb5
- SSDEEP
  
  24576:QVMCtIZJntOFmMlMqPilaiS4Yr6ugPngPfjv9tLF2cH8gb:u8NlaVeuHFb
Score

1^/10
behavioral13 behavioral14
- Target
  
  Release/bin/monaco/Monaco.html
- Size
  
  8KB
- MD5
  
  48426c5817e1f1933115f58c2cc73e4a
- SHA1
  
  c278082d216954a7ec13d5b630fed253c64f4147
- SHA256
  
  16fd975dae221d7a5bfdb3be03540dde4ddfb899b60bfbf0a53c0b41230b8fa5
- SHA512
  
  9db3d37486d5a50e190c6484155a0e44a83923b679d3f778df176ad3486319bb897ec34440d65a9b71cfab6301ddbcf870f7dee2e9917d8fa7bb4e2eb52ca275
- SSDEEP
  
  192:wq6d3PorvFqCOv2tp5keghKtCI2MCTJ3+NLSaPh/WCY/juaajIlB:cd3PoMCvv5keghuwjNajIlB
Score

1^/10
behavioral15 behavioral16
- Target
  
  Release/bin/monaco/vs/base/worker/workerMain.js
- Size
  
  149KB
- MD5
  
  27ead90c7702154755785e0e53398755
- SHA1
  
  86b59485fe6f6ccb1805183fa75062a2ac1c859e
- SHA256
  
  bdf9433692a08851e13dd58504eef19f51bd2ec7241923a68edf5772e0e53af5
- SHA512
  
  6829681575179c90bb7817b17feee60e7d44d8abb15264ab39d7f0edf95dd1d030b99c12b005c753cd786c26ce6f17ff09b058c16f3363596f785e386ef78e82
- SSDEEP
  
  1536:XNSxrkwnz+dTHHfvYYdBwDZ2Ogvh52xgh2hQXIvTBaB7hU74Yc6aphU1PblosJEl:XzdTagJkb+6jFlJJEt9yjjTCD2zw
Score

3^/10

execution
behavioral17 behavioral18
- Target
  
  Release/bin/monaco/vs/basic-languages/lua/lua.js
- Size
  
  8KB
- MD5
  
  9cf08ada63c048e4e38c8816409ed958
- SHA1
  
  75a2564071cb1ff7c160d6ed385b9c32ed8a45df
- SHA256
  
  c171352021b601d49147f9c8a8b241ca0d8e905f79937164ac824ad2ff3f9ccc
- SHA512
  
  636e25d27ecd211b535845c7f7e5b546a5f50ccfa5d321d37fac0a155b6a001047f86bb5e514ee138efb82b88da6c3e4ea3db2a0bcf4918a274c9ff33145dd34
- SSDEEP
  
  96:SD3yDUnHWD5dyVLY7SvEFR88iqIZkQBZZMP4etFbhBuMCL8CvcOAtOfxBVkxMZlT:nDGHydyNY7SsfkFedmUtOfxQxjE
Score

3^/10

execution
behavioral19 behavioral20
- Target
  
  Release/bin/monaco/vs/editor/editor.main.js
- Size
  
  2.0MB
- MD5
  
  9399a8eaa741d04b0ae6566a5ebb8106
- SHA1
  
  5646a9d35b773d784ad914417ed861c5cba45e31
- SHA256
  
  93d28520c07fbca09e20886087f28797bb7bd0e6cf77400153aab5ae67e3ce18
- SHA512
  
  d37ef5a848e371f7db9616a4bf8b5347449abb3e244a5527396756791583cad455802450ceeb88dce39642c47aceaf2be6b95bede23b9ed68b5d4b7b9022b9c8
- SSDEEP
  
  24576:SmmBNDw4gCXJkB4nIg2IxhbaeZYIMsNjvit4f:wDw4gCXJk62+aeKIMsNjvit4f
Score

3^/10

execution
behavioral21 behavioral22
- Target
  
  Release/bin/monaco/vs/editor/editor.main.nls.de.js
- Size
  
  36KB
- MD5
  
  4d83bc1bced6f773423be6f939472cfe
- SHA1
  
  1b42889a7f580df9f7d399c33141d38548143ed1
- SHA256
  
  0dee462d5fb231f169f6cbc432465a43fd445c011fe650e29f5fb2bccc31eaae
- SHA512
  
  c53d522438767a15b5711099fee0acb62ff21289b62640d1a4823a90c8a7d8836bc932daae477d5188b1ba78c50c581284c4d7379efb532f37d356add97ac8e4
- SSDEEP
  
  768:jADv7LbgRyefe80QqYax/mZgb2ET1UZ0IMlYmz7w0hxH1N1Bg93RyFGAIDB7wZ9m:jADDx80QqYax/mmb2YLIEYmz7JhxH10D
Score

3^/10

execution
behavioral23 behavioral24
- Target
  
  Release/bin/monaco/vs/editor/editor.main.nls.es.js
- Size
  
  37KB
- MD5
  
  b371235f971baa51f58f123f40c4435a
- SHA1
  
  843d4a2d214c7d9da650cf4d0c6981ac1dab69c6
- SHA256
  
  203ff3591e02eb7b55a591e53919cc337f8dea73e6446fc3493227761c0794ba
- SHA512
  
  77d43490f1208dde16b6773551ea983cb2352455178ea0e3d4d4b2f2e05dc406cafae89738001d708b780b58882cf5448eb7a8d1c11aa7b8e87915a390da618a
- SSDEEP
  
  384:hwuiA9wZFjNzWZQz7uDlnDEuoKZvGrkEq1EhBR3H6Sg4eUz+JWCHcxS+S9SxS9tf:Y9ZCZQOtDZSj1XJS+S9SxS9tx78teB
Score

3^/10

execution
behavioral25 behavioral26
- Target
  
  Release/bin/monaco/vs/editor/editor.main.nls.fr.js
- Size
  
  40KB
- MD5
  
  d319e61fc6b357b9a5d8e3bbaa44ce3c
- SHA1
  
  b1539b082b2b8290f05dfe17d6fee3d64b2ec244
- SHA256
  
  7fde40b2b212d274617232de09452c6cb896e8a3c6b9e0b459f067cd07f31a99
- SHA512
  
  6ba80b90242dc55ecfa1678e7f8506ed9add4bf08067b125ba63d42b8e8e4455507a86369f6fac6c9d10565d083e7364d4fc79d62e9bd460fe49957c91f598e6
- SSDEEP
  
  768:HlKogi6Q3JbQWxxGmmrHeHPO10xSgGvJ1COIoJoZjbEMO9ms:Hl8KbQwKRavGJoZG
Score

3^/10

execution
behavioral27 behavioral28
- Target
  
  Release/bin/monaco/vs/editor/editor.main.nls.it.js
- Size
  
  38KB
- MD5
  
  a8855a662eb4d3a771fdab7ba6287def
- SHA1
  
  a78b57810ac8e9704e97897c6168f4140d2eadf7
- SHA256
  
  f67cec6dbf98c98c834638d20df53c5a770edada7f26ebf6d0b7dfec60f7a4ab
- SHA512
  
  1c03f8b243701870d8a17e5565da6c65c3f1d76dfb55c88cf68578a4754434a071565da9147e7c833de588a5907b5ece07e018dec52c79d9b2914c964a48a4b5
- SSDEEP
  
  768:4klNUuMam1xYhz2LyXSXBjlHtvnYyjMbRgD5SL2KAqI0UGmGfpspuoeu317K93Ph:5f0SL2KAqKKNpCi
Score

3^/10

execution
behavioral29 behavioral30
- Target
  
  Release/bin/monaco/vs/editor/editor.main.nls.ja.js
- Size
  
  41KB
- MD5
  
  a1f3c9e940206ca310147d644305a6e1
- SHA1
  
  005a8f7023b9d873962c7272203cc0c0d0ccc624
- SHA256
  
  ea9f5e8993017f858cd9ee70aac3d7990ca85eaf40a052025e530fb1c300837f
- SHA512
  
  f98ad1e4c127c3aa4a4ff2fa7ed2a65b5d32644211679e42d70aae03f9c0af1da7704061c28e95cbb25ad14745b1d086c9a49492119d0f97653a0b817823bc69
- SSDEEP
  
  384:hIDtFoY0u0ZAITlMRFG1yu9RwJUcQ8bo6CdXtK+c3YcnI+PjnN3H6Sg4dcRID9Dh:VW6RwJrQNdbc9N1aBDzTG7e2ZLlx/
Score

3^/10

execution
behavioral31 behavioral32

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

evasionthemidatrojan

behavioral12

evasionthemidatrojan

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32