General
Target: 2025-03-29_e4315017ccc1f9d1a181f2d2f501b96c_agent-tesla_amadey_hawkeye_smoke-loader
Size: 7.6MB
Sample: 250329-ndmxfatmw4
MD5: e4315017ccc1f9d1a181f2d2f501b96c
SHA1: 6a92fdbeb08ad05dbf80ce9571caced3097603dd
SHA256: 10d1b5f7b7a33187e51dc0fecb01aca2da1f978b809ae8f54e1c772775c3dbda
SHA512: 0191ce9ec60f3a21fbbec51806f0a05647c625c999571617d11edb21ed50bcf7c6105a2d60589338be4944436a5faeebba631779e23307ba3542b02d0e332fb0
SSDEEP: 196608:G4d0xUyYDOh8x40Me/14QlhewofSN2Hi/Xl:z71DGcySXoaD1
Behavioral task: behavioral1
Sample: 2025-03-29_e4315017ccc1f9d1a181f2d2f501b96c_agent-tesla_amadey_hawkeye_smoke-loader.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: 2025-03-29_e4315017ccc1f9d1a181f2d2f501b96c_agent-tesla_amadey_hawkeye_smoke-loader.exe
Resource: win10v2004-20250314-en
Malware Config
Targets
Target: 2025-03-29_e4315017ccc1f9d1a181f2d2f501b96c_agent-tesla_amadey_hawkeye_smoke-loader
Signatures
Nanocore family
Checks computer location settings: looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Adds Run key to start application
Checks whether UAC is enabled
AutoIT Executable: AutoIT scripts compiled to PE executables.
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
Scheduled Task/Job (1): Scheduled Task (1)
Privilege Escalation
Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
Scheduled Task/Job (1): Scheduled Task (1)