Overview

overview

10

Static

static

Order#SQ031776.exe

windows7-x64

1

Order#SQ031776.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Order#SQ031776.zip

  • Size

    9KB

  • Sample

    220917-br35csghh2

  • MD5

    49300c88fba7a2913fa36cefa154849e

  • SHA1

    2971c05568527ee18bd805d71c70ff140e200c00

  • SHA256

    0994ab66c66395476f004efa10e19068cf44d3aeccb318dc657756057491643b

  • SHA512

    4ba80e7e1780631856152162393d63d6147ba58023451d1c5372e4f9ef46fcaf661fcb676ce109a9f9e46f164fabe5dfaaa36e00e01553040ad6ad42fe24500c

  • SSDEEP

    192:A36tvAtyEGDhaaeN/J/iVhZwDGymzC/eaaIwuVhevAUe97jYLR:AqtvAtyEtFNBzGfzEfTwv097kLR

Score
10/10
nanocoreevasionkeyloggerspywarestealertrojan

Malware Config

Targets

    • Target

      Order#SQ031776.exe

    • Size

      18KB

    • MD5

      c2a18ada9607e7669fe7406261b83b43

    • SHA1

      496cc34bb91df74c0832a098e1e0148194abc1bc

    • SHA256

      d61a1d0331d101743be750b79e620768b3d6fb3a01a8075806f6f3d063d89eb8

    • SHA512

      a8e1f87e33df47a3721712f2dcfefd55e51fd3379d6484a36910effed0be73610ed724d01a9d49c360c57b9f2d56a07e794b9cbafed03335cc61084473b04c79

    • SSDEEP

      384:+Ypst0Uf+vAo/1b8XCt/z6ejVAFJL5jHaKDj0Ck3jso:1pWBf+vAoNWI/zpcNQC0Ck3F

    Score
    10/10
    nanocoreevasionkeyloggerspywarestealertrojan

    • NanoCore

      NanoCore is a remote access tool (RAT) with a variety of capabilities.

      keyloggertrojanstealerspywarenanocore

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Checks whether UAC is enabled

      evasiontrojan
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks