Overview

overview

10

Static

static

3

Nado_MultiTool.exe

windows11-21h2-x64

10

Analysis

  • max time kernel
    110s
  • max time network
    92s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240508-en
  • resource tags

    arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    27-06-2024 20:38

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Nado_MultiTool.exe

  • Size

    6.6MB

  • MD5

    ee82b3877e3646e4f44c8cc2157c790a

  • SHA1

    5a55ab64d5248e82d2d6919e41aad486628f34b8

  • SHA256

    33902244bb1b5176b53676d3536561d6cdc9f5f99e9bb05ff2bb5caf7b74b05e

  • SHA512

    cd45633fc776c3952c51f37b2ff139fcfaaaaf547d7906b68d0a39261c84416567d0004d93ee0a4111234f42bb84651418cf763cd78af10b32e81918427abcca

  • SSDEEP

    196608:PlmWr+jGNqKoKC3ujfGny5vkbmjTh9DEu6iovb:tJ2GPoLeey5vSqhtEjiov

Score
10/10
riseprostealer

Malware Config

Signatures

  • RisePro

    RisePro stealer is an infostealer distributed by PrivateLoader.

    stealerrisepro
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Suspicious use of NtSetInformationThreadHideFromDebugger 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Nado_MultiTool.exe
    "C:\Users\Admin\AppData\Local\Temp\Nado_MultiTool.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    PID:400

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/400-0-0x0000000000E60000-0x0000000002BE3000-memory.dmp
    Filesize

    29.5MB

    Download
  • memory/400-1-0x000000007ED70000-0x000000007F141000-memory.dmp
    Filesize

    3.8MB

    Download
  • memory/400-2-0x0000000077AC4000-0x0000000077AC5000-memory.dmp
    Filesize

    4KB

    Download
  • memory/400-6-0x0000000000E60000-0x0000000002BE3000-memory.dmp
    Filesize

    29.5MB

    Download
  • memory/400-7-0x0000000000E60000-0x0000000002BE3000-memory.dmp
    Filesize

    29.5MB

    Download
  • memory/400-9-0x000000007ED70000-0x000000007F141000-memory.dmp
    Filesize

    3.8MB

    Download
  • memory/400-8-0x0000000000E60000-0x0000000002BE3000-memory.dmp
    Filesize

    29.5MB

    Download
  • memory/400-10-0x0000000000E60000-0x0000000002BE3000-memory.dmp
    Filesize

    29.5MB

    Download
  • memory/400-11-0x0000000000E60000-0x0000000002BE3000-memory.dmp
    Filesize

    29.5MB

    Download
  • memory/400-12-0x0000000000E60000-0x0000000002BE3000-memory.dmp
    Filesize

    29.5MB

    Download
  • memory/400-13-0x0000000000E60000-0x0000000002BE3000-memory.dmp
    Filesize

    29.5MB

    Download
  • memory/400-14-0x0000000000E60000-0x0000000002BE3000-memory.dmp
    Filesize

    29.5MB

    Download
  • memory/400-15-0x0000000000E60000-0x0000000002BE3000-memory.dmp
    Filesize

    29.5MB

    Download
  • memory/400-16-0x0000000000E60000-0x0000000002BE3000-memory.dmp
    Filesize

    29.5MB

    Download
  • memory/400-17-0x0000000000E60000-0x0000000002BE3000-memory.dmp
    Filesize

    29.5MB

    Download