Overview

overview

10

Static

static

3

7c26b6c3cd...18.exe

windows7-x64

10

7c26b6c3cd...18.exe

windows10-2004-x64

10

Resubmissions

28-05-2024 07:29

240528-jbhsgscb67 10

28-05-2024 07:20

240528-h6cpaabh93 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    7c26b6c3cd05b0815037f5cafd13e237_JaffaCakes118

  • Size

    553KB

  • Sample

    240528-jbhsgscb67

  • MD5

    7c26b6c3cd05b0815037f5cafd13e237

  • SHA1

    c9977e3771c0ac0e06bc286fce230fe64317ec27

  • SHA256

    30b2748b757fab768959b46cd67c4397fd79a4aa54e3446b7fbbbb46365d8a58

  • SHA512

    7fb32bed3f6470b4cff0523bb53f07f9c81bc6683bdefcec397613ed07a170e1e8de3fa3629edb61d26d7826356f548c3623ac9c0b98767e85889681563afe76

  • SSDEEP

    12288:UEyJXR26P1lamEzK+Q9D8+OHn6y2yadF0Kqss:UDV1aDzK+s87HMTF0K

Score
10/10
nanocoreevasionkeyloggerpersistencespywarestealertrojan

Malware Config

Targets

    • Target

      7c26b6c3cd05b0815037f5cafd13e237_JaffaCakes118

    • Size

      553KB

    • MD5

      7c26b6c3cd05b0815037f5cafd13e237

    • SHA1

      c9977e3771c0ac0e06bc286fce230fe64317ec27

    • SHA256

      30b2748b757fab768959b46cd67c4397fd79a4aa54e3446b7fbbbb46365d8a58

    • SHA512

      7fb32bed3f6470b4cff0523bb53f07f9c81bc6683bdefcec397613ed07a170e1e8de3fa3629edb61d26d7826356f548c3623ac9c0b98767e85889681563afe76

    • SSDEEP

      12288:UEyJXR26P1lamEzK+Q9D8+OHn6y2yadF0Kqss:UDV1aDzK+s87HMTF0K

    Score
    10/10
    nanocoreevasionkeyloggerpersistencespywarestealertrojan

    • NanoCore

      NanoCore is a remote access tool (RAT) with a variety of capabilities.

      keyloggertrojanstealerspywarenanocore

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

3
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks