General
-
Target
bd5006ba4e4cfcf8a8b0b6da5bb30f4dd8a78beb351b814431ae8599dcf23f1b
-
Size
3.1MB
-
Sample
211221-plcxwaecbl
-
MD5
54fccf779c1611fe486a5c232f32f4d2
-
SHA1
9edd5d86fbb0236625c1c533e85d2fe76901979f
-
SHA256
bd5006ba4e4cfcf8a8b0b6da5bb30f4dd8a78beb351b814431ae8599dcf23f1b
-
SHA512
21e2eedfb70bc97807c2c5327efe246aa24cd2ed0890dee0e1ad9de487311684047c6dd3083a3bc4083288627f2e1797a319e9a9517a5aed7b95258a5302916d
Malware Config
Targets
-
-
Target
bd5006ba4e4cfcf8a8b0b6da5bb30f4dd8a78beb351b814431ae8599dcf23f1b
-
Size
3.1MB
-
MD5
54fccf779c1611fe486a5c232f32f4d2
-
SHA1
9edd5d86fbb0236625c1c533e85d2fe76901979f
-
SHA256
bd5006ba4e4cfcf8a8b0b6da5bb30f4dd8a78beb351b814431ae8599dcf23f1b
-
SHA512
21e2eedfb70bc97807c2c5327efe246aa24cd2ed0890dee0e1ad9de487311684047c6dd3083a3bc4083288627f2e1797a319e9a9517a5aed7b95258a5302916d
Score10/10-
NanoCore
NanoCore is a remote access tool (RAT) with a variety of capabilities.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-