Overview

overview

10

Static

static

1

5c685cf371...16.exe

windows7_x64

10

5c685cf371...16.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    5c685cf371d64b7e79967a04407fc216.exe

  • Size

    531KB

  • Sample

    210201-wv3q1r6ndx

  • MD5

    5c685cf371d64b7e79967a04407fc216

  • SHA1

    9c379673d4d702d4f1bdd3b569a5e02199dc7498

  • SHA256

    690e911da419c3aa11850cca989334b9837f11617922e3dff170e20cde02738f

  • SHA512

    9e9ae99413d7e2aba87b2c14a7056eb709e2c5f066a3256cc82e2194adc7a7981c877ed36e5d625519a9b413e5be1dcc79ca9f5686cf7e7d84a63d900426c914

Score
10/10
nanocoreevasionkeyloggerransomwarespywarestealertrojan

Malware Config

Targets

    • Target

      5c685cf371d64b7e79967a04407fc216.exe

    • Size

      531KB

    • MD5

      5c685cf371d64b7e79967a04407fc216

    • SHA1

      9c379673d4d702d4f1bdd3b569a5e02199dc7498

    • SHA256

      690e911da419c3aa11850cca989334b9837f11617922e3dff170e20cde02738f

    • SHA512

      9e9ae99413d7e2aba87b2c14a7056eb709e2c5f066a3256cc82e2194adc7a7981c877ed36e5d625519a9b413e5be1dcc79ca9f5686cf7e7d84a63d900426c914

    Score
    10/10
    nanocoreevasionkeyloggerransomwarespywarestealertrojan

    • NanoCore

      NanoCore is a remote access tool (RAT) with a variety of capabilities.

      keyloggertrojanstealerspywarenanocore

    • Loads dropped DLL

    • Checks whether UAC is enabled

      evasiontrojan

    • Enumerates physical storage devices

      Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

      ransomware

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks