nanocore | 04a55a28634ec378d53535f2c105b0c4245d6fe83182101fa3b84cec806690c9 | Triage

Submit
Reports

Overview

overview

Static

static

PO 195.xlsx

windows7_x64

PO 195.xlsx

windows10_x64

1

Sharing

General

Target

PO 195.xlsx
Size

2.5MB
Sample

210201-ac47yn5eax
MD5

3a1621af2954f670e033b8dd2d60be90
SHA1

7602d64ababdf9ba09ef1eb82e2b526e209eebad
SHA256

04a55a28634ec378d53535f2c105b0c4245d6fe83182101fa3b84cec806690c9
SHA512

62f1314b52b9ce46a28c2bace233bdecb6c6f33588df08668abb59db38539ad97bc8060826fd3e47b666fa5072c20f217e2e372f14b58c9f46347506c6548efa

Score

10^/10

nanocore evasion keylogger ransomware spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

PO 195.xlsx

Resource

win7v20201028

nanocore evasion keylogger ransomware spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

PO 195.xlsx

Resource

win10v20201028

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  PO 195.xlsx
- Size
  
  2.5MB
- MD5
  
  3a1621af2954f670e033b8dd2d60be90
- SHA1
  
  7602d64ababdf9ba09ef1eb82e2b526e209eebad
- SHA256
  
  04a55a28634ec378d53535f2c105b0c4245d6fe83182101fa3b84cec806690c9
- SHA512
  
  62f1314b52b9ce46a28c2bace233bdecb6c6f33588df08668abb59db38539ad97bc8060826fd3e47b666fa5072c20f217e2e372f14b58c9f46347506c6548efa
Score

10^/10

nanocore evasion keylogger ransomware spyware stealer trojan
- NanoCore
  NanoCore is a remote access tool (RAT) with a variety of capabilities.
  keylogger trojan stealer spyware nanocore
- NirSoft MailPassView
  Password recovery tool for various email clients
- Nirsoft
- Blocklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Checks whether UAC is enabled
  evasion trojan
- Enumerates physical storage devices
  Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
  ransomware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Scripting

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

nanocoreevasionkeyloggerransomwarespywarestealertrojan

behavioral2

© 2018-2024

Terms | Privacy