nanocore | e5b4f0d80455434c5454347cce00f9f5367a19e9af19731ad04630e1c5cb5440 | Triage

Submit
Reports

Overview

overview

Static

static

RFQ- 28300NB.scr

windows7_x64

RFQ- 28300NB.scr

windows10_x64

Sharing

General

Target

RFQ- 28300NB.rar
Size

867KB
Sample

210924-hh68zsgbe3
MD5

98561333445f07a87c3a3eee856770c4
SHA1

bafd8f2d73139cbf5f9065f60a109897b11878f7
SHA256

e5b4f0d80455434c5454347cce00f9f5367a19e9af19731ad04630e1c5cb5440
SHA512

22b274e6a61ea0e90bc35eed2a542d8f6871f9b01ec9c43d83c6097f2e2b755d681528943f59110a0fa50ea81144e03fc3bfb4a673d94f3c46b0dbb540e0b7d0

Score

10^/10

nanocore warzonerat infostealer keylogger persistence rat spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

RFQ- 28300NB.scr

Resource

win7v20210408

nanocore warzonerat infostealer keylogger persistence rat spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

RFQ- 28300NB.scr

Resource

win10-en-20210920

warzonerat infostealer persistence rat

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

warzonerat

C2

membership.myddns.rocks:5191

Targets

- Target
  
  RFQ- 28300NB.scr
- Size
  
  999KB
- MD5
  
  c10afb1541eafecc15387c8c0f3db1c9
- SHA1
  
  7cd612bfed4ba6350c192142d55392ac8aa5a0a5
- SHA256
  
  89416f4296bcee3a4230b3845988246b0dc489376238061d26e4b75e6ecf972e
- SHA512
  
  d94a03f9281c34bbe563d44c920a5188b18ed4aee44fc507e9c706930f93e52f6beccec7fe3462b07d88994f70dddbfd0b17c8aed2a0c3613a35378cfe411b34
Score

10^/10

nanocore warzonerat infostealer keylogger persistence rat spyware stealer trojan
- NanoCore
  NanoCore is a remote access tool (RAT) with a variety of capabilities.
  keylogger trojan stealer spyware nanocore
- WarzoneRat, AveMaria
  WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
  rat infostealer warzonerat
- Warzone RAT Payload
  rat
- Executes dropped EXE
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

nanocorewarzoneratinfostealerkeyloggerpersistenceratspywarestealertrojan

behavioral2

warzoneratinfostealerpersistencerat

© 2018-2024

Terms | Privacy