29/10/2024, 10:45 UTC

241029-mtr1natlaw 10

General

  • Target

    sorenq (1).zip

  • Size

    4.0MB

  • Sample

    241029-mtr1natlaw

  • MD5

    8c8355a5982d5c23cf46e1bc208d71f9

  • SHA1

    f3582d5e9ff9d8a93f81fa573b6fe96715002823

  • SHA256

    6421b8dd3f429921cd2cd3b9d6809f8a860d2f6acb58be9387ff14541dc07878

  • SHA512

    fae8127f885f706d57b9af4c5bcc0c45303301f03da316558ec18e5a67d3532d579d7845e1a3042d19326f06ddbcbd5aadea4590fcd6beac9ef0f3f012274696

  • SSDEEP

    98304:i83pEdZEqpFLPHmYT4sww+/HDPT8pwC8AEP0jdSeww80MDeMy+O:dZjqL6idm84L0ceD

Malware Config

Targets

    • Target

      download.exe

    • Size

      4.0MB

    • MD5

      5577c8755bee3b80e17e42e80eadde86

    • SHA1

      79ebbc3f9d175669ee090f53b93a925b42281b73

    • SHA256

      85ba99319f22cde0abd25e839a7a230a730f1d52e546754873e479be88e65da1

    • SHA512

      2d88bc7339c5629e21c00dbf63152a3389110752be0610d8744ce5f89037701e51f40a102730f9e843555749e69607c3b8896b5fbcab76662ab3a3640e45053d

    • SSDEEP

      98304:oPk7tEUpppPxYyTUsAoQ9/hZjipqYW+YHeFJeAuw8agFo2Gm:GdUfAaBE+OzYIo

    • Modifies WinLogon for persistence

    • NanoCore

      NanoCore is a remote access tool (RAT) with a variety of capabilities.

    • Nanocore family

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Checks whether UAC is enabled

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

MITRE ATT&CK Enterprise v15

Tasks