nanocore | 2501e01c4f196967e005c2969f1d692ca8adcb24a23c5d6fb13f9a0b71f2d8c8 | Triage

Submit
Reports

Overview

overview

Static

static

uVIuZhBZxl...210.js

windows7_x64

uVIuZhBZxl...210.js

windows10_x64

Sharing

General

Target

uVIuZhBZxlNEW COPY DOCSCANNED ORDERAUGIMG6210.js
Size

1.1MB
Sample

210902-jkpaqawhla
MD5

53d9dc9fa9cc34f33fe03b7c5f5fce6b
SHA1

8d906ed4bfd58c0220765721298ce2e75256b568
SHA256

2501e01c4f196967e005c2969f1d692ca8adcb24a23c5d6fb13f9a0b71f2d8c8
SHA512

baa55aa8cad643bf63ef21b6413d4bd3fb92c702588f95b650187b06189ae2a191945a777856662fd5d0801115700e4c7a6de3143b1e03a5bb666040bfdb1ca7

Score

10^/10

nanocore vjw0rm evasion keylogger persistence spyware stealer trojan worm

Static task

static1

Behavioral task

behavioral1

Sample

uVIuZhBZxlNEW COPY DOCSCANNED ORDERAUGIMG6210.js

Resource

win7v20210408

nanocore vjw0rm evasion keylogger persistence spyware stealer trojan worm

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

uVIuZhBZxlNEW COPY DOCSCANNED ORDERAUGIMG6210.js

Resource

win10-en

nanocore vjw0rm evasion keylogger persistence spyware stealer trojan worm

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  uVIuZhBZxlNEW COPY DOCSCANNED ORDERAUGIMG6210.js
- Size
  
  1.1MB
- MD5
  
  53d9dc9fa9cc34f33fe03b7c5f5fce6b
- SHA1
  
  8d906ed4bfd58c0220765721298ce2e75256b568
- SHA256
  
  2501e01c4f196967e005c2969f1d692ca8adcb24a23c5d6fb13f9a0b71f2d8c8
- SHA512
  
  baa55aa8cad643bf63ef21b6413d4bd3fb92c702588f95b650187b06189ae2a191945a777856662fd5d0801115700e4c7a6de3143b1e03a5bb666040bfdb1ca7
Score

10^/10

nanocore vjw0rm evasion keylogger persistence spyware stealer trojan worm
- NanoCore
  NanoCore is a remote access tool (RAT) with a variety of capabilities.
  keylogger trojan stealer spyware nanocore
- Vjw0rm
  Vjw0rm is a remote access trojan written in JavaScript.
  trojan worm vjw0rm
- Blocklisted process makes network request
- Executes dropped EXE
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

nanocorevjw0rmevasionkeyloggerpersistencespywarestealertrojanworm

behavioral2

nanocorevjw0rmevasionkeyloggerpersistencespywarestealertrojanworm

© 2018-2024

Terms | Privacy