General

  • Target

    e8c3ec55950a60eefb87804fc8d9f8c940b736acbe58cc6a57e2c1fd9f8f45d8

  • Size

    312KB

  • Sample

    221126-jct7xafc3v

  • MD5

    b1635eb217a35ad017b325de9bd716c9

  • SHA1

    995529fb8a3bb60a6955d5ec99d60f022abe82b0

  • SHA256

    e8c3ec55950a60eefb87804fc8d9f8c940b736acbe58cc6a57e2c1fd9f8f45d8

  • SHA512

    fd806f143181aeb3084315086b8a3ff0da7c4a817956ce7d7ff5d2afb0b39e6d24fb112b0b6a0de1d85ebb050344c9e0ff7685d90f01a8f425f75e68f0bbf35f

  • SSDEEP

    6144:fnqFEryl06nGjUuHFYA1HZ7pVvzhu9douIzZPgFTxslFLw:fnlyl90vh57Xhu9WuCZPMVEF

Targets

    • NanoCore

      NanoCore is a remote access tool (RAT) with a variety of capabilities.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
