Overview

overview

10

Static

static

1

URLScan

urlscan

1

https://cdn.discorda...

windows10-1703-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    https://cdn.discordapp.com/attachments/1228008626753372180/1248329617203527851/stub_safety.zip?ex=6704c4cd&is=6703734d&hm=107dffaba4b0aa177a50b58efc0b0ab89a5618e6c913d379d0e189c354712082&

  • Sample

    241007-p5pqsazepe

Score
10/10
nanocorediscoveryevasionkeyloggerpersistencespywarestealertrojan

Malware Config

Targets

    • Target

      https://cdn.discordapp.com/attachments/1228008626753372180/1248329617203527851/stub_safety.zip?ex=6704c4cd&is=6703734d&hm=107dffaba4b0aa177a50b58efc0b0ab89a5618e6c913d379d0e189c354712082&

    Score
    10/10
    nanocorediscoveryevasionkeyloggerpersistencespywarestealertrojan

    • NanoCore

      NanoCore is a remote access tool (RAT) with a variety of capabilities.

      keyloggertrojanstealerspywarenanocore

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Adds Run key to start application

      persistence

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks