nanocore | 1e73294675f42df94d101ece8c550fcfa2746ae6f8bf3261e16d315c5d8de832 | Triage

Sharing

General

Target

DE3D6958F101E3B252F18168F240480D.exe
Size

819KB
Sample

210911-vlb88sbef6
MD5

de3d6958f101e3b252f18168f240480d
SHA1

4a2ff6b9018df0b31db61ce4f5a6d844c05dc3ce
SHA256

1e73294675f42df94d101ece8c550fcfa2746ae6f8bf3261e16d315c5d8de832
SHA512

ca26091630e7509e79b386cbc1024446d51bc1ff0763b14aa1e8d03b0ec815d2484beccc905d1694db87a5b1dc8a8e95971c25dd5cd51abe9cbd000aea13f1f7

Score

10^/10

nanocore njrat nyan cat keylogger persistence spyware stealer trojan

Malware Config

Extracted

Family

njrat

Version

0.7NC

Botnet

NYAN CAT

C2

alice2019.myftp.biz:5552

Mutex

28ac71370f2e4

Attributes

reg_key
28ac71370f2e4
splitter
@!#&^%$

Targets

- Target
  
  DE3D6958F101E3B252F18168F240480D.exe
- Size
  
  819KB
- MD5
  
  de3d6958f101e3b252f18168f240480d
- SHA1
  
  4a2ff6b9018df0b31db61ce4f5a6d844c05dc3ce
- SHA256
  
  1e73294675f42df94d101ece8c550fcfa2746ae6f8bf3261e16d315c5d8de832
- SHA512
  
  ca26091630e7509e79b386cbc1024446d51bc1ff0763b14aa1e8d03b0ec815d2484beccc905d1694db87a5b1dc8a8e95971c25dd5cd51abe9cbd000aea13f1f7
Score

10^/10

nanocore njrat nyan cat keylogger persistence spyware stealer trojan
- NanoCore
  NanoCore is a remote access tool (RAT) with a variety of capabilities.
  keylogger trojan stealer spyware nanocore
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

nanocorenjratnyan catkeyloggerpersistencespywarestealertrojan

behavioral2

nanocorenjratnyan catkeyloggerpersistencespywarestealertrojan