Overview

overview

10

Static

static

NoSleep.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    NoSleep.exe

  • Size

    325.9MB

  • Sample

    220706-fhcy2aahc9

  • MD5

    3f8d79d9bb4f3867587961d8206f9a02

  • SHA1

    ceb0cc99f63f1b0494d34315f02a7d93ab851284

  • SHA256

    413272981ea98ae6aed97535a5c0f2eeb080657c32fd17b5c0b6a6d15430a758

  • SHA512

    99768bd1bcefaeb25cba378994a03a3842c022e1f257d7a6efd9de45877c12b684875f1247cb5b374844dfe172acbe207f11b695c51c359c1c29eed58cffd622

Score
10/10
evasionpersistencetrojan

Malware Config

Targets

    • Target

      NoSleep.exe

    • Size

      325.9MB

    • MD5

      3f8d79d9bb4f3867587961d8206f9a02

    • SHA1

      ceb0cc99f63f1b0494d34315f02a7d93ab851284

    • SHA256

      413272981ea98ae6aed97535a5c0f2eeb080657c32fd17b5c0b6a6d15430a758

    • SHA512

      99768bd1bcefaeb25cba378994a03a3842c022e1f257d7a6efd9de45877c12b684875f1247cb5b374844dfe172acbe207f11b695c51c359c1c29eed58cffd622

    Score
    10/10
    evasionpersistencetrojan

    • Modifies WinLogon for persistence

      persistence

    • Modifies system executable filetype association

      persistence

    • UAC bypass

      evasiontrojan

    • Disables RegEdit via registry modification

      evasion

    • Disables Task Manager via registry modification

      evasion

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Checks whether UAC is enabled

      evasiontrojan
    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

1
T1004

Change Default File Association

1
T1042

Privilege Escalation

Bypass User Account Control

1
T1088

Defense Evasion

Modify Registry

4
T1112

Bypass User Account Control

1
T1088

Disabling Security Tools

1
T1089

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

3
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks