Overview

overview

10

Static

static

f7d9d4ca14...23.exe

windows7-x64

10

f7d9d4ca14...23.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f7d9d4ca140f041c794869885b13e56e9cfbd1c9cacc3441540368324b7e4023

  • Size

    844KB

  • Sample

    221123-pv8e5sfd8z

  • MD5

    65f3288c542e20460186435829d8f386

  • SHA1

    468862a1748cba16e163ff88a477bae08dc920fe

  • SHA256

    f7d9d4ca140f041c794869885b13e56e9cfbd1c9cacc3441540368324b7e4023

  • SHA512

    cb8a28d8ccacf6573ef48668365ffd8e52eb8cd0c56a1bba880bfd46ac2764105119580c4fafe4f93d06ac792084d05ab3a4c8abbdf58ad773353350707f3918

  • SSDEEP

    12288:nwotByF6npG8mwnV9qF/iLRlCO+YaYC+1JbfBjQd:wobBGNm7wqLGnH+5jQ

Score
10/10
nanocoreevasionkeyloggerpersistencespywarestealertrojan

Malware Config

Targets

    • Target

      f7d9d4ca140f041c794869885b13e56e9cfbd1c9cacc3441540368324b7e4023

    • Size

      844KB

    • MD5

      65f3288c542e20460186435829d8f386

    • SHA1

      468862a1748cba16e163ff88a477bae08dc920fe

    • SHA256

      f7d9d4ca140f041c794869885b13e56e9cfbd1c9cacc3441540368324b7e4023

    • SHA512

      cb8a28d8ccacf6573ef48668365ffd8e52eb8cd0c56a1bba880bfd46ac2764105119580c4fafe4f93d06ac792084d05ab3a4c8abbdf58ad773353350707f3918

    • SSDEEP

      12288:nwotByF6npG8mwnV9qF/iLRlCO+YaYC+1JbfBjQd:wobBGNm7wqLGnH+5jQ

    Score
    10/10
    nanocoreevasionkeyloggerpersistencespywarestealertrojan

    • Modifies WinLogon for persistence

      persistence

    • NanoCore

      NanoCore is a remote access tool (RAT) with a variety of capabilities.

      keyloggertrojanstealerspywarenanocore

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks