Overview

overview

10

Static

static

5

Setup.exe

windows7-x64

10

Setup.exe

windows10-2004-x64

10

cracked dl...ib.dll

windows7-x64

1

cracked dl...ib.dll

windows10-2004-x64

3

dll data/BRD.dll

windows7-x64

5

dll data/BRD.dll

windows10-2004-x64

5

dll data/D...es.dll

windows7-x64

5

dll data/D...es.dll

windows10-2004-x64

5

resources/PIM.dll

windows7-x64

3

resources/PIM.dll

windows10-2004-x64

3

resources/...ry.dll

windows7-x64

3

resources/...ry.dll

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    e498b7a3b8c47519121d0f94bca46d9d4f4611a348377a1070cad78745e4f1b2

  • Size

    41.3MB

  • Sample

    221024-jqw9esfeam

  • MD5

    89556175fd38967e0cd5ff64c6ac46e3

  • SHA1

    0ac8d346e0d28462b79523624e9a79ff3f4b44f6

  • SHA256

    e498b7a3b8c47519121d0f94bca46d9d4f4611a348377a1070cad78745e4f1b2

  • SHA512

    9bd2995c7cdbcf959f27397251c7ca7ee85f1ed8b446b5b1ba161a745588e3987883aca805ea4f4bea06d5a2bd944d97437c8676362547356afa1698e2cd39d7

  • SSDEEP

    393216:rmkZWV+fhjq9sPDvYf3RrkcRXE/MgIRrkcRXE/Mg72Dve:rJZWIFDvs4XY4XUDW

Score
10/10
nanocorekeyloggerpersistencespywarestealertrojan

Malware Config

Targets

    • Target

      Setup.exe

    • Size

      21.0MB

    • MD5

      8d2c812110771a601b50c35fc8566deb

    • SHA1

      93d2c215490b9abc362e17a4bab459675828b9e4

    • SHA256

      29dac6dc31f1359a11ebc13f86797b40f8d0c98f5f5a044541479926b37391f2

    • SHA512

      2549842a0ed61d71e91e9e46e0ef7b2b629a059dd72c969a2a5236dd164c457bfb012efc410a41d5c88c1424d7205096fbba55f67826ae8884462b25f20177c0

    • SSDEEP

      12288:LaWzgMg7v3qnCiMErQohh0F4CCJ8lny/QySARMgp77:+aHMv6Corjqny/QyxKe7

    Score
    10/10
    nanocorekeyloggerspywarestealertrojanpersistence

    • NanoCore

      NanoCore is a remote access tool (RAT) with a variety of capabilities.

      keyloggertrojanstealerspywarenanocore

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

    • Target

      cracked dll/amtlib.dll

    • Size

      1.7MB

    • MD5

      69a95e60a3231cf5ff6715a32e98aa17

    • SHA1

      95998a498a8aa91c4cf7ccb23fc5cfec526e82fd

    • SHA256

      e560e1b25778fa669d8d4960e2a6a847cd0a4aa5d1042527f1a4998891b37d5f

    • SHA512

      a248b203bacb0c4ecaab2ad8961103b5115c6195e62000e6ec1a531d142c2a58cd8135d5789442b37634e51cfd15734f2049372ebfe870ad9575da2a792dcec6

    • SSDEEP

      49152:pCWDqQIXuvGZsenvmuhrj/oOqja4LT3Ibdycl7xtGsu7W:EZsevmuZQOqm4gTl7xtP

    Score
    3/10
    behavioral3behavioral4

    • Target

      dll data/BRD.dll

    • Size

      105KB

    • MD5

      4d25c6ffe68dd2f767444c4a68243171

    • SHA1

      71390b13ed224223a978853a6dc052acbd71e495

    • SHA256

      4a3e883249c4e6514987a0b21433548f7bda8bf419b9e9896792ecd8929cb8f4

    • SHA512

      6ab3cad97a099694d86bd5d7fcfd5ffeb94a516613b82b9d612e3df8e0e5a4fbb03f239eaec72133a63cf86b9aa3022a3ddd02365a9e65f9084614ba9e7cc79e

    • SSDEEP

      3072:wVufqMC3mgTsiRUqYgOx0u4Ha+Oat7M/5:g9mgTsiaqYgOx0uLS7Mh

    Score
    5/10

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral5behavioral6

    • Target

      dll data/DTCommonRes.dll

    • Size

      5.5MB

    • MD5

      5db21e39400f807d2ae7047c57dd0cec

    • SHA1

      9e65377522c06482b376e8c17be5822b357c5bb5

    • SHA256

      6b216cbf7e4d01d49e3ccb2b48aa7758cbecef064dbff1ecbff2e674bbb6208a

    • SHA512

      3e5fc38ae87baed136f41fa652494975a0cee1caf3a818927515e346015dbcbf2128ba58bb2a8484019398d5796fc66691e48f8268a7a6dae14224e2f85edf95

    • SSDEEP

      98304:N7bmxVSpxCE6SGAUw8xuikmi0Xso9Gbmv43HI+uFFFdaFFFd1CuU4202Lh2Eb22z:VbmxVwYkWCbmv4Y+uFFFsFFFOuU4202j

    Score
    5/10

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral7behavioral8

    • Target

      resources/PIM.dll

    • Size

      1.1MB

    • MD5

      8a8d943c793fe03b7fc5d7b7119a966c

    • SHA1

      1cb156d3eccec109b049bfe3acc815091080c62e

    • SHA256

      48140a6d158c3da0e42bd745405360917241c5d52c779d97501e218c205042fa

    • SHA512

      8de627fb8220c3e03879b7fb97ee829d87a73da6e3b05059d657848452410c5524d19553b1533cbb42410aa6835c1fc665140f6394577eb75c94e6327fddd640

    • SSDEEP

      24576:2vHs74ORv0WoUvDvdpEoV4eta7QMFH8PqLirMAY1Y7z5wkIhDhTAZ4VU:qs74W0ADvYNnFOx5ChFTAZyU

    Score
    3/10
    behavioral9behavioral10

    • Target

      resources/updaterinventory.dll

    • Size

      390KB

    • MD5

      67833490c932595c1d43e4ff6af8032a

    • SHA1

      63b51d67b5bf352612b4e6becf8baea6f6f63bf8

    • SHA256

      25df5b89e67dff662889f4cb971ed187a5edd79cb17078034b194f7102d28a85

    • SHA512

      2a99d2cd919a4623e6a37bfd1fe409986fc5f048abe5176037657ba58d536c14fddb80f411faf145e4defcaf48f828f346faff059dd0962e8dce0fcd674619ff

    • SSDEEP

      12288:HEWx47pu9X6K0PtT0HOfwqevSvdvmvmNb1NPFb:kWUpu9KJtT0HOfwGNb1Tb

    Score
    3/10
    behavioral11behavioral12

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks