Overview

overview

10

Static

static

Order#SQ031776.exe

windows7-x64

1

Order#SQ031776.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Order#SQ031776.exe

  • Size

    18KB

  • Sample

    220918-ezsv5sefer

  • MD5

    c2a18ada9607e7669fe7406261b83b43

  • SHA1

    496cc34bb91df74c0832a098e1e0148194abc1bc

  • SHA256

    d61a1d0331d101743be750b79e620768b3d6fb3a01a8075806f6f3d063d89eb8

  • SHA512

    a8e1f87e33df47a3721712f2dcfefd55e51fd3379d6484a36910effed0be73610ed724d01a9d49c360c57b9f2d56a07e794b9cbafed03335cc61084473b04c79

  • SSDEEP

    384:+Ypst0Uf+vAo/1b8XCt/z6ejVAFJL5jHaKDj0Ck3jso:1pWBf+vAoNWI/zpcNQC0Ck3F

Score
10/10
nanocoreevasionkeyloggerspywarestealertrojan

Malware Config

Targets

    • Target

      Order#SQ031776.exe

    • Size

      18KB

    • MD5

      c2a18ada9607e7669fe7406261b83b43

    • SHA1

      496cc34bb91df74c0832a098e1e0148194abc1bc

    • SHA256

      d61a1d0331d101743be750b79e620768b3d6fb3a01a8075806f6f3d063d89eb8

    • SHA512

      a8e1f87e33df47a3721712f2dcfefd55e51fd3379d6484a36910effed0be73610ed724d01a9d49c360c57b9f2d56a07e794b9cbafed03335cc61084473b04c79

    • SSDEEP

      384:+Ypst0Uf+vAo/1b8XCt/z6ejVAFJL5jHaKDj0Ck3jso:1pWBf+vAoNWI/zpcNQC0Ck3F

    Score
    10/10
    nanocoreevasionkeyloggerspywarestealertrojan

    • NanoCore

      NanoCore is a remote access tool (RAT) with a variety of capabilities.

      keyloggertrojanstealerspywarenanocore

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Checks whether UAC is enabled

      evasiontrojan
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

3
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks