Extracted

• • Target

    D3A9543FAE305405220AC1F627327074DC1BDE573789452A2F0E62429DB87987

  • Size

    1.3MB

  • MD5

    ec7f6620c82becd13651a358f408bf72

  • SHA1

    d66e726b99a648f705a8ab82308c52cad9ca275d

  • SHA256

    d3a9543fae305405220ac1f627327074dc1bde573789452a2f0e62429db87987

  • SHA512

    1efc9ab3bf16f434c67d6904ecae70ec3d9811958d758401672a6c062f3f4fc8627049cb884cee0e5b8dd40946d14e96716f4bd8c1210373df49a4533e1f5d4d

  Score

  10^/10

  nanocorenjratnyan catdiscoverykeyloggerpersistencespywarestealertrojan

  • NanoCore

    NanoCore is a remote access tool (RAT) with a variety of capabilities.

    keyloggertrojanstealerspywarenanocore

  • njRAT/Bladabindi

    Widely used RAT written in .NET.

    trojannjrat

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  • autoit_exe

    AutoIT scripts compiled to PE executables.

  behavioral1behavioral2