nanocore | 1ec294c1fb059743f946ed9cdd9949d45a724db845ad8af8ac46f35d13c09e73

Sharing

Copy URL

Twitter E-mail

General

Target

Proxy_Tools_and_Grabbers.rar
Size

137.3MB
Sample

241028-th64rs1kgs
MD5

0325df826cf44b475b70c8244cec2947
SHA1

125f6731a9b6f09eb66b4c02095d2090d70df1da
SHA256

1ec294c1fb059743f946ed9cdd9949d45a724db845ad8af8ac46f35d13c09e73
SHA512

d60acc19f26df90bbf1ba0f91dc24022f7fe73d952a137b9aa07f76a2d45e1498ddeaf3d9f365a201e29aa619247cebadd87c0054e0d288a2ea169e4f6296dac
SSDEEP

3145728:pqGX7Lf3D39l2pp9TCW8aZiQ+nc321i0EHTQD8XBD:7T39l24WGi0EHTQiD

Score

10^/10

Malware Config

Targets

- Target
  
  Proxy_Tools_and_Grabbers.rar
- Size
  
  137.3MB
- MD5
  
  0325df826cf44b475b70c8244cec2947
- SHA1
  
  125f6731a9b6f09eb66b4c02095d2090d70df1da
- SHA256
  
  1ec294c1fb059743f946ed9cdd9949d45a724db845ad8af8ac46f35d13c09e73
- SHA512
  
  d60acc19f26df90bbf1ba0f91dc24022f7fe73d952a137b9aa07f76a2d45e1498ddeaf3d9f365a201e29aa619247cebadd87c0054e0d288a2ea169e4f6296dac
- SSDEEP
  
  3145728:pqGX7Lf3D39l2pp9TCW8aZiQ+nc321i0EHTQD8XBD:7T39l24WGi0EHTQiD
Score

7^/10

discovery
- Executes dropped EXE
behavioral1 behavioral2
- Target
  
  Proxy Tools and Grabbers/vProxy v1.4 by Yani/Virus Total/scan.txt
- Size
  
  109B
- MD5
  
  2e99fbaf1ad4f921ebe1ba0adb710c25
- SHA1
  
  6335db361e4666581ca3fd9d594ab1827dba734c
- SHA256
  
  f2f02c614c4a88b423ad0a404f7f5e7c1d33c5445e75f3d6f651ae6e791cdd57
- SHA512
  
  ac7ccfcc0fd077218cfc8130d587ef03f2e2ca539b052e1f8c224f46a000884b1da1c7daa43600f767b8f3c4da545e0a3832f75caa771022281dbf75ef1ea175
Score

1^/10
behavioral3 behavioral4
- Target
  
  Proxy Tools and Grabbers/vProxy v1.4 by Yani/changelog.txt
- Size
  
  1KB
- MD5
  
  05fecd34dcc4b852610cd1cebac05e49
- SHA1
  
  8725a75466fce99b75620ff096788df5b1baf8bf
- SHA256
  
  d134037d9b891bc3f33c55095cfc9054251d0e46104dba51603171f8b876b41e
- SHA512
  
  fcdf327fc0e109daf75d9539936c54704362c77985a51b1fac237033bf51fd497e71c4815e654f00e6a86746de88f4a88eab6c0b30c68229afdf51bba138788c
Score

1^/10
behavioral5 behavioral6
- Target
  
  Proxy Tools and Grabbers/vProxy v1.4 by Yani/data/Ionic.Zip.dll
- Size
  
  480KB
- MD5
  
  f6933bf7cee0fd6c80cdf207ff15a523
- SHA1
  
  039eeb1169e1defe387c7d4ca4021bce9d11786d
- SHA256
  
  17bb0c9be45289a2be56a5f5a68ec9891d7792b886e0054bc86d57fe84d01c89
- SHA512
  
  88675512daa41e17ce4daf6ca764ccb17cd9633a7c2b7545875089cae60f6918909a947f3b1692d16ec5fa209e18e84bc0ff3594f72c3e677a6cca9f3a70b8d6
- SSDEEP
  
  6144:OhagC/Mq25o9sXGtSV41OJDsTDDVUMle6ZjxLV/kHu4Bht79I9:iagxWS4msNUCe65fkHdBf9
Score

1^/10
behavioral7 behavioral8
- Target
  
  Proxy Tools and Grabbers/vProxy v1.4 by Yani/data/LICENCE.dat
- Size
  
  77KB
- MD5
  
  5180046f168dfd684b5bf268f5a0fa56
- SHA1
  
  ac8202ad5c94eb4d9e6227af92b5120e6d1b7ce7
- SHA256
  
  4139baa8beebcde4504c33bc88cf13b9ab9f32e4a054871ebeb82be6b84edc01
- SHA512
  
  04add8dc053c39a594e7889071b3fb9036fdc978b6f39f769c38b322e18a4ea6e05b6b66d97f0ac40c58f39120c791006a5b732da46ceba799e0db74afbed3e0
- SSDEEP
  
  1536:bI/R7579yweD2eLs3GBO1RC519JDVvJtHpm66QTpWoF6Twijg6:G9ZyweDLLs3GYCnDTdp76K6su
Score

8^/10

discovery execution
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
behavioral10 behavioral9
- Target
  
  Proxy Tools and Grabbers/vProxy v1.4 by Yani/data/Launcher.exe
- Size
  
  53KB
- MD5
  
  c6d4c881112022eb30725978ecd7c6ec
- SHA1
  
  ba4f96dc374195d873b3eebdb28b633d9a1c5bf5
- SHA256
  
  0d87b9b141a592711c52e7409ec64de3ab296cddc890be761d9af57cea381b32
- SHA512
  
  3bece10b65dfda69b6defbf50d067a59d1cd1db403547fdf28a4cbc87c4985a4636acfcff8300bd77fb91f2693084634d940a91517c33b5425258835ab990981
- SSDEEP
  
  768:FKtnBTTQi/YqMFlVt52ftDhKeoNzZq8OujxUu5XEAb4b9yvMzUV5:qBTUgYFveDRuFEAb4b99QV5
Score

8^/10

discovery execution persistence
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral11 behavioral12
- Target
  
  Proxy Tools and Grabbers/vProxy v1.4 by Yani/data/README.txt
- Size
  
  467B
- MD5
  
  1e6dce4ea07eae3d6c58ce8b97765aba
- SHA1
  
  f2847347901960db0df6ee83d8b97ee476bed3e8
- SHA256
  
  47f0ad2ce8c4e4ab79ae735ebcecdfb64eef3617b079dfc39a56d12ebe12ac28
- SHA512
  
  aebf0b974155304520168752c58e4299578cbada766d284e233c9fcca688d283f9dd1c2d26328e101f3d2c075b7d0d27673f1eefd959bb09180c384b52fc4dcd
Score

1^/10
behavioral13 behavioral14
- Target
  
  Proxy Tools and Grabbers/vProxy v1.4 by Yani/data/System.Data.SQLite.dll
- Size
  
  944KB
- MD5
  
  ce6481b5bb8c8e9b20df8e49e10f7941
- SHA1
  
  3dc764f4cf9eff56b632fceb10abf6a8484d12cf
- SHA256
  
  82aecf9b9064fba2fd08d859b66983ed6338bca0e34b8827f64a68a47b5f2dcf
- SHA512
  
  b898ab9e2489bb13090308d8213b78065f60b0f76e67e50fae87fa397cbfbc00001cb9369c71a197f425ddd1c61e2c68f4023c9413aac33d51612e23c62af900
- SSDEEP
  
  24576:2NQOW38FYn8so0ZypaIf6zQVp+qE1QJdQYh:2Nq3uspAjnFE1QJKs
Score

3^/10

discovery
behavioral15 behavioral16
- Target
  
  Proxy Tools and Grabbers/vProxy v1.4 by Yani/data/changelog.txt
- Size
  
  1KB
- MD5
  
  05fecd34dcc4b852610cd1cebac05e49
- SHA1
  
  8725a75466fce99b75620ff096788df5b1baf8bf
- SHA256
  
  d134037d9b891bc3f33c55095cfc9054251d0e46104dba51603171f8b876b41e
- SHA512
  
  fcdf327fc0e109daf75d9539936c54704362c77985a51b1fac237033bf51fd497e71c4815e654f00e6a86746de88f4a88eab6c0b30c68229afdf51bba138788c
Score

1^/10
behavioral17 behavioral18
- Target
  
  Proxy Tools and Grabbers/vProxy v1.4 by Yani/data/vProxy.exe
- Size
  
  466KB
- MD5
  
  b34a3021500c7a79b55081b7194664f1
- SHA1
  
  7b62be035527c526f6114153949d8885be5fbd33
- SHA256
  
  b057a64a465ea3c94c4c0cc3c64cdd92fc0c1c4fb9b31474d787c592b006d896
- SHA512
  
  64da2e49f0e0280c3430ec8b6d4b5ab197d134e434c93d04bb23f9877ceaedaf181ab36deaf8d3c5a0b4a92788a5d0e45d0b01e92d074ef33e65b828d8cbf0ec
- SSDEEP
  
  1536:VQWoajaXCEZv8DRajsk0cfBPs99fvhgPlVi3CybkEi1PUleriKC7JfFaEqvs54Ri:wnPZv8DRuti37ub97ub97ub6ygkOCbA
Score

3^/10

discovery
behavioral19 behavioral20
- Target
  
  Proxy Tools and Grabbers/vProxy v1.4 by Yani/vProxy.exe
- Size
  
  198KB
- MD5
  
  dc4d9ff8ede0e748043707e6fc93e5ea
- SHA1
  
  9ce574509b10b02a1c6e6247b55c6a82b7aff7f1
- SHA256
  
  7d754a9d4994a4e3bc6f5f44553e8761b556fbcd765ce30a1ef63f4309bc454b
- SHA512
  
  71d51b18709417b56731ab0c13f407af133bef14df7321061b88643cd63749e829ab713bdc19293f11d280679eddaec1c504cd0c8948866b7f9bc1516e7a57e9
- SSDEEP
  
  1536:g4l5eP/GiTM6J/2ehpedrhaxa1sTLm/kWu7TINatazF9W:g4l5biACh4hKev3nkX
Score

8^/10

discovery execution persistence
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral21 behavioral22
- Target
  
  Proxy Tools and Grabbers/μProxy Tool v1.81/Data/Source/HttpSource.txt
- Size
  
  714B
- MD5
  
  5eb4caaab3d418d0b9a48c1fdf5087f5
- SHA1
  
  bc571fc7aa5c5a6e30a62bfdf8994fa27f844766
- SHA256
  
  51f78b092cd17bab6707b62e11caeddeee69bf345216019211a122beb16a0e20
- SHA512
  
  86c789a1c983327050ded9e1ac4692d311c0f388a3629c734c3224125d43a53bd7102f9510f73f3d66e6150ad5bf920a13fb54859c5d8280c928af7e3209846d
Score

1^/10
behavioral23 behavioral24
- Target
  
  Proxy Tools and Grabbers/μProxy Tool v1.81/Data/Source/SocksSource.txt
- Size
  
  821B
- MD5
  
  f6fb90d34c776c38c952c2aa46aa3e15
- SHA1
  
  5f7b6ca6cf4f6e9a44db5aea1d15804e2c6ea1b0
- SHA256
  
  38ba0dad7b545340eb10d329fece890814260ffe17b1cbb0bbe3910e43e57e2e
- SHA512
  
  a8bc705b384aad9909ac82261567c8de3c101559cc04cee4c216a57bbfab7ee0738fcdf5748fcecfb1497b21027a333666bbec14307a228357ab4703ffc236f4
Score

1^/10
behavioral25 behavioral26
- Target
  
  Proxy Tools and Grabbers/μProxy Tool v1.81/Virus Total/desktop.ini
- Size
  
  44B
- MD5
  
  c279803b27f13369aa54fc9b84b72468
- SHA1
  
  01d430e118952d9e077fdcd7ff13084d375995dc
- SHA256
  
  d80758a34364cab9de42ff6ed57bcc753a0936ddddf9952c5b4fb9ff0d7966c9
- SHA512
  
  2ba7cfe2fd561a0cc4fdc39ab7e6fe9ea9aee8618afe31030a0a79af06542b83ef66ec4817c646f027e1733263cb46a9a9b6432f01f6a938fa29080a59e44678
Score

1^/10
behavioral27 behavioral28
- Target
  
  Proxy Tools and Grabbers/μProxy Tool v1.81/Virus Total/scan.txt
- Size
  
  109B
- MD5
  
  2e99fbaf1ad4f921ebe1ba0adb710c25
- SHA1
  
  6335db361e4666581ca3fd9d594ab1827dba734c
- SHA256
  
  f2f02c614c4a88b423ad0a404f7f5e7c1d33c5445e75f3d6f651ae6e791cdd57
- SHA512
  
  ac7ccfcc0fd077218cfc8130d587ef03f2e2ca539b052e1f8c224f46a000884b1da1c7daa43600f767b8f3c4da545e0a3832f75caa771022281dbf75ef1ea175
Score

1^/10
behavioral29 behavioral30
- Target
  
  Proxy Tools and Grabbers/μProxy Tool v1.81/check.ini
- Size
  
  10KB
- MD5
  
  54d9f6f449568e7fa52da833dc695cd1
- SHA1
  
  75317d23a91addeb3226d576080c2696329bd4b9
- SHA256
  
  dff800e18bd1518b8eb2a9021055a8001f243ca175806d8a2a14a39371957fdb
- SHA512
  
  603491b1b76611ea5628522296d057e31cc097809da4e267006d4b752d17bac449543b3f0c5aa8fa7f3a6eade9168c200c49081b3c95a8be997b9d5336cd641c
- SSDEEP
  
  192:1ZdUOzZd30wZ5NT6y6o6cI6s7q6u5b676zI6h6E6F6u6ZIV36b6iI62l68gQ:1ZqOzZV0wZv29/cfiCe+zfgLk5ZSqei4
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Executes dropped EXE

Command and Scripting Interpreter: PowerShell

Command and Scripting Interpreter: PowerShell

Checks computer location settings

Drops startup file

Executes dropped EXE

Loads dropped DLL

Adds Run key to start application

Command and Scripting Interpreter: PowerShell

Checks computer location settings

Drops startup file

Executes dropped EXE

Loads dropped DLL

Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32