General
-
Target
bdf354d3fc416d0d8bac9c25b02ef4e112ffb794b9c3ca69331925503e6c9931
-
Size
4.6MB
-
Sample
220725-ez1wraeea5
-
MD5
5102df3fcc9d3f97bb55ce858adc53b1
-
SHA1
5f91282fe116c4f2ac48c05fd7220a35dfaa73d9
-
SHA256
bdf354d3fc416d0d8bac9c25b02ef4e112ffb794b9c3ca69331925503e6c9931
-
SHA512
f6536fafaf1852397ff1369a4d27a78c6465f71b3f689b06080f83bd1bbd4caf9286a2c7703c54243f01b3493dfb54c4722ab74aa27b956260621728b17f2ae8
Malware Config
Targets
-
-
Target
bdf354d3fc416d0d8bac9c25b02ef4e112ffb794b9c3ca69331925503e6c9931
-
Size
4.6MB
-
MD5
5102df3fcc9d3f97bb55ce858adc53b1
-
SHA1
5f91282fe116c4f2ac48c05fd7220a35dfaa73d9
-
SHA256
bdf354d3fc416d0d8bac9c25b02ef4e112ffb794b9c3ca69331925503e6c9931
-
SHA512
f6536fafaf1852397ff1369a4d27a78c6465f71b3f689b06080f83bd1bbd4caf9286a2c7703c54243f01b3493dfb54c4722ab74aa27b956260621728b17f2ae8
Score10/10-
NanoCore
NanoCore is a remote access tool (RAT) with a variety of capabilities.
-
NetWire RAT payload
-
Netwire
Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext
-