Extracted

• • Target

    Absa.exe

  • Size

    1.1MB

  • MD5

    543b483edf1e71d19b7e2ca64ce9e2d9

  • SHA1

    9c91f6bf2f7d23f288119d95999e107308151f8a

  • SHA256

    71bb1f2e0a1aecf13985a354d05fb522c85746e08a01a858a4473237a96e85fd

  • SHA512

    b0f2111e1a7c6977548b983cfb1abc92b9d2690d04d7c85ef0cde35b869fcac9666163821212088dc90a5afb1c533adf69d7bbc53939caea6996a6187a9006a7

  Score

  10^/10

  nanocorenetwirebotnetkeyloggerpersistenceratspywarestealertrojan

  • NanoCore

    NanoCore is a remote access tool (RAT) with a variety of capabilities.

    keyloggertrojanstealerspywarenanocore

  • NetWire RAT payload

    rat

  • Netwire

    Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.

    botnetstealernetwire

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2