80ae3802c6b2c253471ff661e5315189dc046bdfe3994bd17c7b9b63a7e738da | Triage

Submit
Reports

Overview

overview

Static

static

norascan.exe

windows7_x64

8

norascan.exe

windows10_x64

Sharing

General

Target

norascan.exe
Size

16.3MB
Sample

211020-m91bzaghg4
MD5

b00c04a45ee1e14e54e5ea3d61907ca1
SHA1

e1c4af95bf8aa6b67c2cc326c41d6f2c260acc4f
SHA256

80ae3802c6b2c253471ff661e5315189dc046bdfe3994bd17c7b9b63a7e738da
SHA512

5463a55fe97c83752a724d8760915f5f5cdd87b189b728e95590f8f2c16664b776aaa67ddf141ef70d04a7e6503bda04a45e8380f8c028026a6d8c3f12ccd279

Score

10^/10

discovery

Static task

static1

Behavioral task

behavioral1

Sample

norascan.exe

Resource

win7-en-20210920

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

norascan.exe

Resource

win10-en-20211014

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
217.148.169.138
Port:
21
Username:
ftpuser
Password:
Klien$%&77FTT2

Targets

- Target
  
  norascan.exe
- Size
  
  16.3MB
- MD5
  
  b00c04a45ee1e14e54e5ea3d61907ca1
- SHA1
  
  e1c4af95bf8aa6b67c2cc326c41d6f2c260acc4f
- SHA256
  
  80ae3802c6b2c253471ff661e5315189dc046bdfe3994bd17c7b9b63a7e738da
- SHA512
  
  5463a55fe97c83752a724d8760915f5f5cdd87b189b728e95590f8f2c16664b776aaa67ddf141ef70d04a7e6503bda04a45e8380f8c028026a6d8c3f12ccd279
Score

10^/10

discovery
- Suspicious use of NtCreateProcessExOtherParentProcess
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy