General
-
Target
88f91655388ba7e3f8c3ba4df516adecf49ed1462233ba84b4bf5a2361d784ef
-
Size
372KB
-
Sample
221123-q2bv7aad9z
-
MD5
e0a53248959cc237d502045760eab3da
-
SHA1
f2747b669016607a3b44bb15be395b4d06afca31
-
SHA256
88f91655388ba7e3f8c3ba4df516adecf49ed1462233ba84b4bf5a2361d784ef
-
SHA512
ccc48f7c9618939dbf176869bd73798e6ea967a7c12af6750d159dc89dca17714d48e59a0eb2b2bd412eea112f486acb66fea944f98c2fa87ebb9c341cd77a6c
-
SSDEEP
6144:ciJB3eMyCkgJeNXXr5k5MhPHq+pzQAABAh6Sn0/8163IG3vnpvSd8tnmTx+:hnOMyCqXre5i6AA+c81X8U8tn
Malware Config
Targets
-
-
Target
88f91655388ba7e3f8c3ba4df516adecf49ed1462233ba84b4bf5a2361d784ef
-
Size
372KB
-
MD5
e0a53248959cc237d502045760eab3da
-
SHA1
f2747b669016607a3b44bb15be395b4d06afca31
-
SHA256
88f91655388ba7e3f8c3ba4df516adecf49ed1462233ba84b4bf5a2361d784ef
-
SHA512
ccc48f7c9618939dbf176869bd73798e6ea967a7c12af6750d159dc89dca17714d48e59a0eb2b2bd412eea112f486acb66fea944f98c2fa87ebb9c341cd77a6c
-
SSDEEP
6144:ciJB3eMyCkgJeNXXr5k5MhPHq+pzQAABAh6Sn0/8163IG3vnpvSd8tnmTx+:hnOMyCqXre5i6AA+c81X8U8tn
Score10/10-
NanoCore
NanoCore is a remote access tool (RAT) with a variety of capabilities.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
Suspicious use of SetThreadContext
-