nanocore | d5392855df1f46cc31ba3512a328755d79686e12a00473b98a92a8f9bcfa92f2 | Triage

Submit
Reports

Overview

overview

Static

static

Payment Invoice.exe

windows7_x64

Payment Invoice.exe

windows10_x64

Sharing

General

Target

Payment Invoice.zip
Size

34KB
Sample

210422-nz9g9p61sx
MD5

4f59ccb966627307b7e168ca3b486322
SHA1

192c5edde28b1f71c81a3b814e8e30fed4c2f9e3
SHA256

d5392855df1f46cc31ba3512a328755d79686e12a00473b98a92a8f9bcfa92f2
SHA512

47cf169694b03c65940adf0b914ef28b9d5351e4838f28c239d2caecbcc314d10b83378f1d2440f467014f0a9f6719652c039c419924d030b3551107b1823d53

Score

10^/10

nanocore evasion keylogger persistence spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

Payment Invoice.exe

Resource

win7v20210410

nanocore evasion keylogger persistence spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Payment Invoice.exe

Resource

win10v20210408

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  Payment Invoice.exe
- Size
  
  190KB
- MD5
  
  c29266acdb146b5613dace7500cee027
- SHA1
  
  5105e8f7305f83ce42a6e1d011d5af66ba999785
- SHA256
  
  02042719ff8305de64b849f0f3047fff0564b6d0330fab017f0c00c7a294373e
- SHA512
  
  330c29938ed4933007297edf03fcafd297bef09030fdac745b0e1dc6b0148abad77618615f3d53cf258b5f6c2781a310765d81b4cc55a07fabb45443cf26f388
Score

10^/10

nanocore evasion keylogger persistence spyware stealer trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- NanoCore
  NanoCore is a remote access tool (RAT) with a variety of capabilities.
  keylogger trojan stealer spyware nanocore
- Turns off Windows Defender SpyNet reporting
  evasion
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- Nirsoft
- Executes dropped EXE
- Drops startup file
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Bypass User Account Control

Scheduled Task

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

nanocoreevasionkeyloggerpersistencespywarestealertrojan

behavioral2

© 2018-2024

Terms | Privacy