General
-
Target
2a8b2d4cf5f2054a01ea2d5c8d9b71e8f1706f74c251bb16684c98fa25b9a64dN
-
Size
647KB
-
Sample
241004-b24hwa1eqa
-
MD5
ff2da6a2d2e29d76e8ee869fa07f7530
-
SHA1
ece7a717f8a6e7973c78cadf87d6449e116fe9f4
-
SHA256
2a8b2d4cf5f2054a01ea2d5c8d9b71e8f1706f74c251bb16684c98fa25b9a64d
-
SHA512
03334e7e0903ba6b4c4611443722f5c8cf07c974b7ca36d7e1a0a62a4c83bb13702d5b3761f72c288d2bf1e0fbcc4a878559a864fe3147ce8f51a00345818721
-
SSDEEP
12288:ra/rmU5El82jSlI/ExacF3gnxbCEjLz35gRHHi3xED:rav5UjSlI/EPFmOmLz35g9H4xED
Malware Config
Targets
-
-
Target
2a8b2d4cf5f2054a01ea2d5c8d9b71e8f1706f74c251bb16684c98fa25b9a64dN
-
Size
647KB
-
MD5
ff2da6a2d2e29d76e8ee869fa07f7530
-
SHA1
ece7a717f8a6e7973c78cadf87d6449e116fe9f4
-
SHA256
2a8b2d4cf5f2054a01ea2d5c8d9b71e8f1706f74c251bb16684c98fa25b9a64d
-
SHA512
03334e7e0903ba6b4c4611443722f5c8cf07c974b7ca36d7e1a0a62a4c83bb13702d5b3761f72c288d2bf1e0fbcc4a878559a864fe3147ce8f51a00345818721
-
SSDEEP
12288:ra/rmU5El82jSlI/ExacF3gnxbCEjLz35gRHHi3xED:rav5UjSlI/EPFmOmLz35g9H4xED
Score10/10-
NanoCore
NanoCore is a remote access tool (RAT) with a variety of capabilities.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
Suspicious use of SetThreadContext
-