General

  • Target

    248bc96665bee5eb0d4ab15b7ba9f415_JaffaCakes118

  • Size

    646KB

  • Sample

    241008-yk5qyazdmj

  • MD5

    248bc96665bee5eb0d4ab15b7ba9f415

  • SHA1

    a2eb99044b82889546dd21adb441c27130dc9bcc

  • SHA256

    14d22c4a8a36f02fd6a2869f04d908f3d70de075d81dd576914d33019a6de214

  • SHA512

    237c6105722c8a7360a5891d939fed8db5907ff19f5378fa2326052e2cfdc9045f0f17aa6a80d322b389bbb13e3d8aabac02af54719a08a6e191b1426a213ec9

  • SSDEEP

    12288:ra/rmU5El82jSlI/ExacF3EubKHRHHWQpkerei1OOUGqB:rav5UjSlI/EPFQ12QOeKJEqB

Targets

    • Target

      248bc96665bee5eb0d4ab15b7ba9f415_JaffaCakes118

    • NanoCore

      NanoCore is a remote access tool (RAT) with a variety of capabilities.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks whether UAC is enabled

    • Suspicious use of SetThreadContext
