Overview

overview

10

Static

static

EvilNomina...to.exe

windows7_x64

10

EvilNomina...to.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    EvilNominatusCrypto.exe

  • Size

    14KB

  • Sample

    220120-r2fd2sadbk

  • MD5

    8e23d84e5c58270136539c4cb3e604a4

  • SHA1

    4cc242e1f24af73d2a3e38e4ad103df0ae62d93c

  • SHA256

    01cec0306b25849804ac2770d877423d9f00adfae6217c72842630d18c048ba4

  • SHA512

    159cd61686bec5c83c529e69f1ce653c9b8176c386b0d28b192fa25f07c2784749855f27cd144e6c581c37fd411db857c1476777719feb6f6a291bf8acf4344f

Score
10/10
evasionpersistence

Malware Config

Targets

    • Target

      EvilNominatusCrypto.exe

    • Size

      14KB

    • MD5

      8e23d84e5c58270136539c4cb3e604a4

    • SHA1

      4cc242e1f24af73d2a3e38e4ad103df0ae62d93c

    • SHA256

      01cec0306b25849804ac2770d877423d9f00adfae6217c72842630d18c048ba4

    • SHA512

      159cd61686bec5c83c529e69f1ce653c9b8176c386b0d28b192fa25f07c2784749855f27cd144e6c581c37fd411db857c1476777719feb6f6a291bf8acf4344f

    Score
    10/10
    evasionpersistence

    • Modifies WinLogon for persistence

      persistence

    • Disables RegEdit via registry modification

      evasion

    • Sets service image path in registry

      persistence

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

1
T1004

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

3
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks