Overview

overview

10

Static

static

Payment no...df.exe

windows7_x64

10

Payment no...df.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Payment notification-pdf.exe

  • Size

    1.0MB

  • Sample

    200630-xjh6fz6l92

  • MD5

    55f366df0150172ee321229116917ef9

  • SHA1

    7e8c4c56a6055d01e4d96ddedd5aec9241adcaf1

  • SHA256

    c52c1fb415117cce538aa98327a5c9e5adebe60dd26c49dee07d9efcc07a5948

  • SHA512

    6a368da55f572461d502886c5122a363eb1689ce87d1b3ba2e2a9ad6ff6da3c62d04a8625bd4a7d6aa3989d9924feb91babd14f7174118c4a41aa71c4d0d6afe

Score
10/10
nanocorenetwirebotnetkeyloggerpersistenceratspywarestealertrojan

Malware Config

Targets

    • Target

      Payment notification-pdf.exe

    • Size

      1.0MB

    • MD5

      55f366df0150172ee321229116917ef9

    • SHA1

      7e8c4c56a6055d01e4d96ddedd5aec9241adcaf1

    • SHA256

      c52c1fb415117cce538aa98327a5c9e5adebe60dd26c49dee07d9efcc07a5948

    • SHA512

      6a368da55f572461d502886c5122a363eb1689ce87d1b3ba2e2a9ad6ff6da3c62d04a8625bd4a7d6aa3989d9924feb91babd14f7174118c4a41aa71c4d0d6afe

    Score
    10/10
    nanocorenetwirebotnetkeyloggerpersistenceratspywarestealertrojan

    • NanoCore

      NanoCore is a remote access tool (RAT) with a variety of capabilities.

      keyloggertrojanstealerspywarenanocore

    • NetWire RAT payload

      rat

    • Netwire

      Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.

      botnetstealernetwire

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks