General
Target: norascan.exe
Size: 16.3MB
Sample: 211020-m91bzaghg4
MD5: b00c04a45ee1e14e54e5ea3d61907ca1
SHA1: e1c4af95bf8aa6b67c2cc326c41d6f2c260acc4f
SHA256: 80ae3802c6b2c253471ff661e5315189dc046bdfe3994bd17c7b9b63a7e738da
SHA512: 5463a55fe97c83752a724d8760915f5f5cdd87b189b728e95590f8f2c16664b776aaa67ddf141ef70d04a7e6503bda04a45e8380f8c028026a6d8c3f12ccd279
Static task: static1
Behavioral task: behavioral1
Sample: norascan.exe
Resource: win7-en-20210920
Behavioral task: behavioral2
Sample: norascan.exe
Resource: win10-en-20211014
Malware Config
Extracted
Protocol: ftp
Host: 217.148.169.138
Port: 21
Username: ftpuser
Password: Klien$%&77FTT2
Targets
Target: norascan.exe
Size: 16.3MB
Score: 10/10
- Suspicious use of NtCreateProcessExOtherParentProcess
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.