General

  • Target

    8c276db9d256a4ec6df10a663fa13ad291832b41fdf915aec25bc4fb31174520.exe

  • Size

    2.0MB

  • Sample

    241007-b29pwsxgpk

  • MD5

    0fd258899fb1afe14d8bd10503263901

  • SHA1

    a74e78231d749099ed97a3990fa956b8ccbcbcfd

  • SHA256

    8c276db9d256a4ec6df10a663fa13ad291832b41fdf915aec25bc4fb31174520

  • SHA512

    0d263abf7a29554b570633f17b7172531e343448c2b5969a00d81b04fd758250ba9398427c59d6e2270db6c19563e4eb6e648f946e6eb131ea43b6fb89349916

  • SSDEEP

    49152:epQUjibrS75idST2/sBqEHw9lwsbpt23LObtPg4AZY0j5s5mZTiC+xccccccEww3:Dc3wrNIRZKccccccEwwww

Targets

    • Target

      8c276db9d256a4ec6df10a663fa13ad291832b41fdf915aec25bc4fb31174520.exe

    • NanoCore

      NanoCore is a remote access tool (RAT) with a variety of capabilities.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15
