Static task
static1
Behavioral task
behavioral1
Sample
Trojan.NoEscape.exe
Resource
macos-20240711.1-en
General
Target: Trojan.NoEscape.zip
Size: 617KB
MD5: 6249d14bba6f2e578af50a32bac74651
SHA1: de4bf281a7c8c1f11c614b7f53e34f0accb2950a
SHA256: 23e622bd84485f58e4cffd07549e86554778dcb56de0af90a482b0672536cb0d
SHA512: b6c50493b35f2832770c5440c680887248636009e7ce162de48b1e0b0f00fcb342e08bda767c52968128e4862eede7b1ce9c328072082703a471d6b6e320b133
SSDEEP: 12288:clU4YRQtxO8ItI1ks2ZrWWxwgCG/Va2TIRKH4MiySfKRQFrtaX:j4YaOtIas2ZHxd9N52rYX
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource unpack001/Trojan.NoEscape.exe
Files
Trojan.NoEscape.zip.zip
Password: infected
Trojan.NoEscape.exe.exe windows:6 windows x86 arch:x86
Password: infected
f400a8c725e9bcee856360087d72fec3
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
Imports
kernel32: GetModuleHandleA, GetProcAddress
netapi32: NetUserAdd
ntdll: RtlGetVersion
user32: GetDC
gdi32: BitBlt
advapi32: FreeSid
shell32: ShellExecuteW
ole32: CoTaskMemFree
bcrypt: BCryptGenRandom
vcruntime140: wcsstr
api-ms-win-crt-string-l1-1-0: wmemcpy_s
api-ms-win-crt-runtime-l1-1-0: exit
api-ms-win-crt-math-l1-1-0: __setusermatherr
api-ms-win-crt-stdio-l1-1-0: _set_fmode
api-ms-win-crt-locale-l1-1-0: _configthreadlocale
api-ms-win-crt-heap-l1-1-0: _set_new_mode
Sections
.MPRESS1 Size: 609KB - Virtual size: 1.8MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.MPRESS2 Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 18KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE