General
Target: Nighty (1).zip
Size: 115.2MB
Sample: 240630-yzqkkaxekl
MD5: ec08b150a9132962f22111d52a168108
SHA1: 4e2dded2ed93a9291a2e1744e7a99b77347b624d
SHA256: 4b20adb36cca2b06fa6a98a2f96660879c1d99f7e1453bd7f85c1c7ba776117b
SHA512: 3534c0a78767a625cce7f5667a7174ecbc13c129361230f3dc732d2c8eaaae09dd421bcc928e5f0af3a0803d11b67a88e6eba7d08dd91e1cf26ea51cf35285ae
SSDEEP: 3145728:tp5RjSGsfvy/TOnJ6eSg3hLiWA3ZL9SXWL3DYhHZcihwggFeZoSux:tp310K/TOJnxxaZgODYh5c3WZoSux
Behavioral task: behavioral1
Sample: Nighty.exe
Resource: win7-20240221-en

Behavioral task: behavioral2
Sample: Nighty.exe
Resource: win10v2004-20240508-en
Malware Config

Targets
Target: Nighty.exe
Size: 115.8MB
MD5: 58bf278fc8ede72cd0d29f5643aa0f0a
SHA1: e3c83b73c39c62c6af3599e4fbe89098d81db4ba
SHA256: eb9815de256624816a1bc640fbdddc383a23cbb584d2cd3854373b12640e1765
SHA512: c9cfca0bceee1320bcc46e023ce6b9057f7f032efe2b96ca4589fc76e24bfd1d4404cc795c7eb277dde6dd40cfbb89ada63ba5c34c965f5be816ceaf5de5a350
SSDEEP: 3145728:g2y5pgYRncD4HTx+3MEwy+E9MPWzJs6RPCaISC++AoUD3XWqk:g2y3xcDz8eJ9LzJHPCajCWvDnWqk
Score: 9/10

- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
- Suspicious use of NtSetInformationThreadHideFromDebugger