Overview

overview

10

Static

static

586af6c00f...45.exe

windows7-x64

10

586af6c00f...45.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    586af6c00f34b531eac2f1d9e131859c8ae51d6f72203905b8f33f19ed195645

  • Size

    184KB

  • Sample

    221125-tcvtjscg4w

  • MD5

    d9ddc5f66b5f3f23eff074a07ad5d351

  • SHA1

    1bb6e61d5adaaa339ece51f83da18ecef90fb5ec

  • SHA256

    586af6c00f34b531eac2f1d9e131859c8ae51d6f72203905b8f33f19ed195645

  • SHA512

    b8246e467f3aaedd3132b5ccafff94210f8d44779d0225bc7c28297ba5962605d2f960936c112a27b3b890183257456e37dfa67c23249b8389934ffba79dac71

  • SSDEEP

    3072:Hj/kZn6YQDLjfsXpE648bEbxwraBymHWFtZYVDw7xaxbcl2Hvl8cWHlV:HzkZn6NDLw5E648bEb6Fm29bEIl2Hd

Score
10/10
nanocoreevasionkeyloggerpersistencespywarestealertrojan

Malware Config

Targets

    • Target

      586af6c00f34b531eac2f1d9e131859c8ae51d6f72203905b8f33f19ed195645

    • Size

      184KB

    • MD5

      d9ddc5f66b5f3f23eff074a07ad5d351

    • SHA1

      1bb6e61d5adaaa339ece51f83da18ecef90fb5ec

    • SHA256

      586af6c00f34b531eac2f1d9e131859c8ae51d6f72203905b8f33f19ed195645

    • SHA512

      b8246e467f3aaedd3132b5ccafff94210f8d44779d0225bc7c28297ba5962605d2f960936c112a27b3b890183257456e37dfa67c23249b8389934ffba79dac71

    • SSDEEP

      3072:Hj/kZn6YQDLjfsXpE648bEbxwraBymHWFtZYVDw7xaxbcl2Hvl8cWHlV:HzkZn6NDLw5E648bEb6Fm29bEIl2Hd

    Score
    10/10
    nanocoreevasionkeyloggerpersistencespywarestealertrojan

    • NanoCore

      NanoCore is a remote access tool (RAT) with a variety of capabilities.

      keyloggertrojanstealerspywarenanocore

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks