Overview

overview

10

Static

static

df044df75d...62.exe

windows7-x64

10

df044df75d...62.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    df044df75d68bdc85e0ba0821df2574d128532837eca817e83a4412ce27fc862

  • Size

    312KB

  • Sample

    221125-hqhklahd99

  • MD5

    5d00627acef34a061468495b8b122926

  • SHA1

    1c22ab8f0fb40143f2695255da641d738b976d89

  • SHA256

    df044df75d68bdc85e0ba0821df2574d128532837eca817e83a4412ce27fc862

  • SHA512

    01e1ddfa3026293281e898e83fe9c717ec2ac04c200a2e5372e1328a0d99edc47f1183a70952faa9334f8322dd40d012a598ca14d53e5f3b02030d5f12d43acc

  • SSDEEP

    6144:iBUKwblom4GBI4GdS12lZYp0kzrbWA0SCT1cACTfgjdlA:3xlom4G+4Go1MOxeA0z1kfgjdlA

Score
10/10
nanocoreevasionkeyloggerpersistencespywarestealertrojan

Malware Config

Targets

    • Target

      df044df75d68bdc85e0ba0821df2574d128532837eca817e83a4412ce27fc862

    • Size

      312KB

    • MD5

      5d00627acef34a061468495b8b122926

    • SHA1

      1c22ab8f0fb40143f2695255da641d738b976d89

    • SHA256

      df044df75d68bdc85e0ba0821df2574d128532837eca817e83a4412ce27fc862

    • SHA512

      01e1ddfa3026293281e898e83fe9c717ec2ac04c200a2e5372e1328a0d99edc47f1183a70952faa9334f8322dd40d012a598ca14d53e5f3b02030d5f12d43acc

    • SSDEEP

      6144:iBUKwblom4GBI4GdS12lZYp0kzrbWA0SCT1cACTfgjdlA:3xlom4G+4Go1MOxeA0z1kfgjdlA

    Score
    10/10
    nanocoreevasionkeyloggerpersistencespywarestealertrojan

    • NanoCore

      NanoCore is a remote access tool (RAT) with a variety of capabilities.

      keyloggertrojanstealerspywarenanocore

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Adds Run key to start application

      persistence

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks