General
-
Target
f006fea7e2d1e39a982b6df9aa7a49c9_JaffaCakes118
-
Size
588KB
-
Sample
241214-wp3q2a1rbn
-
MD5
f006fea7e2d1e39a982b6df9aa7a49c9
-
SHA1
bb58ffec4c8160eefaa91daf6c40c120160f3775
-
SHA256
77951252d4134733a9eaa496d9f27ab18cbf199ecb15b16b9927a00de21c27b5
-
SHA512
08381b31216096c1a94f7fbabcb5bc151f2af6237674c819cdd19901defc400e0dfbaba4935c7a6dea2f0e6fa7b67ad2a2d20be4515ffacdadea6c5fe8dbd2fc
-
SSDEEP
6144:GNeEVcF70qyxiSGQ9fd9pwI82QrRdpJ0o:GN5cFRr+KNB0
Malware Config
Targets
-
-
Target
f006fea7e2d1e39a982b6df9aa7a49c9_JaffaCakes118
-
Size
588KB
-
MD5
f006fea7e2d1e39a982b6df9aa7a49c9
-
SHA1
bb58ffec4c8160eefaa91daf6c40c120160f3775
-
SHA256
77951252d4134733a9eaa496d9f27ab18cbf199ecb15b16b9927a00de21c27b5
-
SHA512
08381b31216096c1a94f7fbabcb5bc151f2af6237674c819cdd19901defc400e0dfbaba4935c7a6dea2f0e6fa7b67ad2a2d20be4515ffacdadea6c5fe8dbd2fc
-
SSDEEP
6144:GNeEVcF70qyxiSGQ9fd9pwI82QrRdpJ0o:GN5cFRr+KNB0
Score10/10-
NanoCore
NanoCore is a remote access tool (RAT) with a variety of capabilities.
-
Nanocore family
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Checks whether UAC is enabled
-