Overview

overview

10

Static

static

3

Nord.exe

windows7-x64

10

Nord.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    Nord.exe

  • Size

    457KB

  • Sample

    230523-qy359sgd3s

  • MD5

    d4550174e054ffb13487b153ff1853a6

  • SHA1

    793d8e4833f99853b7f11decf75508b2c30bf82c

  • SHA256

    9bd9cc4e2baf5d47340f1c4e1906289cef6eb1ce07e9889992592baaad5ba759

  • SHA512

    9957f5b91a22d8013e6f85cbb46ac1b1501d9fc0df4d05e3e1cbafb855959cdbbad99f36b2a852fbdb64dd398c49cfbbb5c8f64fa5917b1bfbb9937d67d68bb3

  • SSDEEP

    12288:3pcMPGVW2eU1KdQnrig69JoIq383K/MkBBN:nS+QnOz3oDZ/7H

Score
10/10
evasiontrojan

Malware Config

Targets

    • Target

      Nord.exe

    • Size

      457KB

    • MD5

      d4550174e054ffb13487b153ff1853a6

    • SHA1

      793d8e4833f99853b7f11decf75508b2c30bf82c

    • SHA256

      9bd9cc4e2baf5d47340f1c4e1906289cef6eb1ce07e9889992592baaad5ba759

    • SHA512

      9957f5b91a22d8013e6f85cbb46ac1b1501d9fc0df4d05e3e1cbafb855959cdbbad99f36b2a852fbdb64dd398c49cfbbb5c8f64fa5917b1bfbb9937d67d68bb3

    • SSDEEP

      12288:3pcMPGVW2eU1KdQnrig69JoIq383K/MkBBN:nS+QnOz3oDZ/7H

    Score
    10/10
    evasiontrojan

    • UAC bypass

      evasiontrojan

    • Windows security bypass

      evasiontrojan

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Windows security modification

      evasiontrojan

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks