General

  • Target

    1d7baeb655ac52bbc6dc76616fc3c321c154f281c6b417a52ea97a3bdc463df7

  • Size

    312KB

  • Sample

    221126-jcvtfafc3x

  • MD5

    46090541ce7f50f318626c97268bf028

  • SHA1

    bb8f04dee8d83d05f0914d48dd21d3a13a4456d2

  • SHA256

    1d7baeb655ac52bbc6dc76616fc3c321c154f281c6b417a52ea97a3bdc463df7

  • SHA512

    0f816dac241eb73f9e3a1173aceea164b961db495991aecb78719c129106b601006fe8e8ef79559d9c2b00ad2b54078fcbbaddf35712b7ae05b596ea69924c82

  • SSDEEP

    6144:fnqFEryl06nGjUuHFYA1HZ7pVvzhu9douIzZPgFTxslFLwV:fnlyl90vh57Xhu9WuCZPMVEFq

Targets

    • NanoCore

      NanoCore is a remote access tool (RAT) with a variety of capabilities.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
