Overview

overview

10

task1

 

10

task2

 

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    3fe043d288b1e91663a8c986db34ee903d0b6cdc8dab0a75702fdfd930ace72f

  • Size

    1.1MB

  • Sample

    191025-bt771nyqs6

  • MD5

    f4ff2ed66c3c08d4fd6a63843a2c46e9

  • SHA1

    d75c9f2e7f826c7eb3af5c6b1160bab15b7a183f

  • SHA256

    3fe043d288b1e91663a8c986db34ee903d0b6cdc8dab0a75702fdfd930ace72f

  • SHA512

    992209facd904cc3a3e2ce225c9426c52de6f79e2432df6a48b3ede1dd3593662605035e13dabbee6e7104b72cd27110a3ae807caed703aa1a1bdb1153a7f63f

Score
10/10

Malware Config

Targets

    • Target

      3fe043d288b1e91663a8c986db34ee903d0b6cdc8dab0a75702fdfd930ace72f

    • Size

      1.1MB

    • MD5

      f4ff2ed66c3c08d4fd6a63843a2c46e9

    • SHA1

      d75c9f2e7f826c7eb3af5c6b1160bab15b7a183f

    • SHA256

      3fe043d288b1e91663a8c986db34ee903d0b6cdc8dab0a75702fdfd930ace72f

    • SHA512

      992209facd904cc3a3e2ce225c9426c52de6f79e2432df6a48b3ede1dd3593662605035e13dabbee6e7104b72cd27110a3ae807caed703aa1a1bdb1153a7f63f

    Score
    10/10

    • nanocore family

      family

    • Windows security modification

      evasiontrojan

    • Adds Run entry to start application

      persistence

    • Checks system information in the registry (likely anti-VM)

    • Modifies service

      persistence

    • Suspicious use of SetThreadContext

    task1task2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Modify Existing Service

1
T1031

Privilege Escalation

Defense Evasion

Disabling Security Tools

1
T1089

Modify Registry

3
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks