General

  • Target

    file

  • Size

    275KB

  • Sample

    240504-tp164aag9x

  • MD5

    62aa2298261b2859a07323a72af5bf84

  • SHA1

    ece71b68a94da29e00ecb4fae68940d0309fdd67

  • SHA256

    4646602d39d5f9e98068b11413f49272e1e5645784fbfe925d7d26ff74b8aecf

  • SHA512

    277bbda1baf27942f5470f7127008c9f9e778aa99510d82ff24e04576825d520a8882c60e06a4896da694e125c035e6e29639cceed4e08d84ceb5569ed8fdb2c

  • SSDEEP

    3072:1iigAkHnjPIQ6KSEX/18HHPaW+LN7DxRLlzgcr:HgAkHnjPIQBSEKnPCN7jDr

Malware Config

Targets

    • Target

      file

    • Size

      275KB

    • MD5

      62aa2298261b2859a07323a72af5bf84

    • SHA1

      ece71b68a94da29e00ecb4fae68940d0309fdd67

    • SHA256

      4646602d39d5f9e98068b11413f49272e1e5645784fbfe925d7d26ff74b8aecf

    • SHA512

      277bbda1baf27942f5470f7127008c9f9e778aa99510d82ff24e04576825d520a8882c60e06a4896da694e125c035e6e29639cceed4e08d84ceb5569ed8fdb2c

    • SSDEEP

      3072:1iigAkHnjPIQ6KSEX/18HHPaW+LN7DxRLlzgcr:HgAkHnjPIQBSEKnPCN7jDr

    • NanoCore

      NanoCore is a remote access tool (RAT) with a variety of capabilities.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks