General
-
Target
Purchase Orde.doc
-
Size
229KB
-
Sample
210727-g7rcawt4be
-
MD5
15eb68a65e9ac7367a6e6bdf51eee30a
-
SHA1
d988bf603a28bcb2c031f00101ee83509c0bce1b
-
SHA256
ed60103a8a1837ed4691670a5307539ec832cf3ad076d6afe3bbf06c84ad4511
-
SHA512
e86382cc89ac3d79551b2721dc44cfcb987d73151bb539a2436123f5863c1f57c902ac348be494322ff25cfb8628354df9e8f7cdac71ef605ca8a70172c5924b
Malware Config
Extracted
httP://adfddws.ftp.sh/nputty.exe
Targets
-
-
Target
Purchase Orde.doc
-
Size
229KB
-
MD5
15eb68a65e9ac7367a6e6bdf51eee30a
-
SHA1
d988bf603a28bcb2c031f00101ee83509c0bce1b
-
SHA256
ed60103a8a1837ed4691670a5307539ec832cf3ad076d6afe3bbf06c84ad4511
-
SHA512
e86382cc89ac3d79551b2721dc44cfcb987d73151bb539a2436123f5863c1f57c902ac348be494322ff25cfb8628354df9e8f7cdac71ef605ca8a70172c5924b
Score10/10-
NanoCore
NanoCore is a remote access tool (RAT) with a variety of capabilities.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Checks whether UAC is enabled
-
Suspicious use of SetThreadContext
-