Overview

overview

10

Static

static

693b52fdc6...e5.exe

windows7-x64

10

693b52fdc6...e5.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    693b52fdc63a82b49cfe7ce12a98cafc9e28b1f0607f1ad6e5924ce2c4af99e5

  • Size

    164KB

  • Sample

    221014-jv84saeee7

  • MD5

    5a1b5e4d63c21989d4fdb2fe360a66b0

  • SHA1

    b2bb61777f900476928d411b39afab9dedee6932

  • SHA256

    693b52fdc63a82b49cfe7ce12a98cafc9e28b1f0607f1ad6e5924ce2c4af99e5

  • SHA512

    5a68446ecae76c03c203bddb36bbb095336524721b7757dfc72b7483a6368fdb648bb9cf23046788bebb33159c2bfea5e6f0ab71d7d0379f3ba579e89e94efc5

  • SSDEEP

    3072:OtZOOh8ZIzKuKfeaUbOL72TKBb4npuou3MwQpGV2qh7cz9qX:4ZTqvpePi72TBob3M4cz9

Score
10/10
nanocorekeyloggerpersistencespywarestealertrojan

Malware Config

Targets

    • Target

      693b52fdc63a82b49cfe7ce12a98cafc9e28b1f0607f1ad6e5924ce2c4af99e5

    • Size

      164KB

    • MD5

      5a1b5e4d63c21989d4fdb2fe360a66b0

    • SHA1

      b2bb61777f900476928d411b39afab9dedee6932

    • SHA256

      693b52fdc63a82b49cfe7ce12a98cafc9e28b1f0607f1ad6e5924ce2c4af99e5

    • SHA512

      5a68446ecae76c03c203bddb36bbb095336524721b7757dfc72b7483a6368fdb648bb9cf23046788bebb33159c2bfea5e6f0ab71d7d0379f3ba579e89e94efc5

    • SSDEEP

      3072:OtZOOh8ZIzKuKfeaUbOL72TKBb4npuou3MwQpGV2qh7cz9qX:4ZTqvpePi72TBob3M4cz9

    Score
    10/10
    nanocorekeyloggerpersistencespywarestealertrojan

    • NanoCore

      NanoCore is a remote access tool (RAT) with a variety of capabilities.

      keyloggertrojanstealerspywarenanocore

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks