Overview

overview

10

Static

static

73371a0438...15.exe

windows7-x64

10

73371a0438...15.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    73371a04380683a8c5e28e73f8a74b604441f445ae898bdcd25f364c39b34c15

  • Size

    408KB

  • Sample

    221126-kzfhpsff65

  • MD5

    a99a3908f39c9938c93a645ed8a00211

  • SHA1

    1cb84a1cc3d9e3caedc95c59910fc41e9da50cff

  • SHA256

    73371a04380683a8c5e28e73f8a74b604441f445ae898bdcd25f364c39b34c15

  • SHA512

    fee46cb29bd3f3cc682c34ddae08ae3574be34a7107eebabefdee12d100a9feda4bae408062d2fb99a37294b436a187be44f6b8312c6bb81276f619196e978fb

  • SSDEEP

    12288:VojzsKXS4wpRVSVQfNWf2GE5XafzJIMo6mRojzsKki:eYNpj+oXafz/mqY3i

Score
10/10
nanocoreevasionkeyloggerpersistencespywarestealertrojan

Malware Config

Targets

    • Target

      73371a04380683a8c5e28e73f8a74b604441f445ae898bdcd25f364c39b34c15

    • Size

      408KB

    • MD5

      a99a3908f39c9938c93a645ed8a00211

    • SHA1

      1cb84a1cc3d9e3caedc95c59910fc41e9da50cff

    • SHA256

      73371a04380683a8c5e28e73f8a74b604441f445ae898bdcd25f364c39b34c15

    • SHA512

      fee46cb29bd3f3cc682c34ddae08ae3574be34a7107eebabefdee12d100a9feda4bae408062d2fb99a37294b436a187be44f6b8312c6bb81276f619196e978fb

    • SSDEEP

      12288:VojzsKXS4wpRVSVQfNWf2GE5XafzJIMo6mRojzsKki:eYNpj+oXafz/mqY3i

    Score
    10/10
    nanocoreevasionkeyloggerpersistencespywarestealertrojan

    • NanoCore

      NanoCore is a remote access tool (RAT) with a variety of capabilities.

      keyloggertrojanstealerspywarenanocore

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Checks whether UAC is enabled

      evasiontrojan
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks