General
-
Target
73371a04380683a8c5e28e73f8a74b604441f445ae898bdcd25f364c39b34c15
-
Size
408KB
-
Sample
221126-kzfhpsff65
-
MD5
a99a3908f39c9938c93a645ed8a00211
-
SHA1
1cb84a1cc3d9e3caedc95c59910fc41e9da50cff
-
SHA256
73371a04380683a8c5e28e73f8a74b604441f445ae898bdcd25f364c39b34c15
-
SHA512
fee46cb29bd3f3cc682c34ddae08ae3574be34a7107eebabefdee12d100a9feda4bae408062d2fb99a37294b436a187be44f6b8312c6bb81276f619196e978fb
-
SSDEEP
12288:VojzsKXS4wpRVSVQfNWf2GE5XafzJIMo6mRojzsKki:eYNpj+oXafz/mqY3i
Malware Config
Targets
-
-
Target
73371a04380683a8c5e28e73f8a74b604441f445ae898bdcd25f364c39b34c15
-
Size
408KB
-
MD5
a99a3908f39c9938c93a645ed8a00211
-
SHA1
1cb84a1cc3d9e3caedc95c59910fc41e9da50cff
-
SHA256
73371a04380683a8c5e28e73f8a74b604441f445ae898bdcd25f364c39b34c15
-
SHA512
fee46cb29bd3f3cc682c34ddae08ae3574be34a7107eebabefdee12d100a9feda4bae408062d2fb99a37294b436a187be44f6b8312c6bb81276f619196e978fb
-
SSDEEP
12288:VojzsKXS4wpRVSVQfNWf2GE5XafzJIMo6mRojzsKki:eYNpj+oXafz/mqY3i
Score10/10-
NanoCore
NanoCore is a remote access tool (RAT) with a variety of capabilities.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks whether UAC is enabled
-