General

  • Target

    092c22cf22105d144de979b952ac24e306580e583bf15e34595dd73af10d51fc

  • Size

    650KB

  • Sample

    220701-sf6vjshdcl

  • MD5

    4f0001ab444cf514afa8ef16347b5705

  • SHA1

    76e9836a1532a704b351c0d36f489c19f667c457

  • SHA256

    092c22cf22105d144de979b952ac24e306580e583bf15e34595dd73af10d51fc

  • SHA512

    dd568e0fc4dbc4096433747ff98036b960070cc2c3cf7653ba462132894c926f937594ae593108e26999346fd97c55f01a16068abab7488c44fca78c34316303

Malware Config

Targets

    • Target

      Quotation_output286C8B0.exe

    • Size

      1.1MB

    • MD5

      bcfce87c088955b1f7db326d2ea20974

    • SHA1

      1e24d9270c35f532acb840f6491fe148b3d5ab24

    • SHA256

      2aa7b820732b4617b4ff37d318478abc78cbf8e98f49d2724ca1fc7eeac6a4cd

    • SHA512

      6cf47b638a6832e71b56e65c519ff6544d5337e9cb9004438950ffe41b6a97c1191b6720f274ff114b0bf8949626f2d787031c6e87c510e0deb60a6d58f62996

    • NanoCore

      NanoCore is a remote access tool (RAT) with a variety of capabilities.

    • suricata: ET MALWARE Possible NanoCore C2 60B

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence check.

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

    Tactic                  Technique                              Count  ID
    Execution               Scheduled Task                         1      T1053
    Persistence             Registry Run Keys / Startup Folder     1      T1060
    Persistence             Scheduled Task                         1      T1053
    Privilege Escalation    Scheduled Task                         1      T1053
    Defense Evasion         Modify Registry                        1      T1112
    Discovery               Query Registry                         1      T1012
    Discovery               System Information Discovery           3      T1082