c9ae12a64c678ed7284b3514af87b0ac6ce8036306855efcfebdf167aa42c0f1

Target

Size

772KB

Sample

220521-xbsjksbdd7

Score

10 ^/10

MD5

37e4517bccb2c13b5853022d7c5fcc6e

SHA1

5dd6dbb402b5a336f3a21edfdf6a7da741a652be

SHA256

c9ae12a64c678ed7284b3514af87b0ac6ce8036306855efcfebdf167aa42c0f1

SHA512

c7d20f2c658c295b9a7ad7bf4c533c41b9a4b6b483b3883fc64ee6d7985fcd64e51a93f0a99ea31774b5ac69cc9c4582b0468f06e9e9107bb2d65e2e91170d39

Extracted

Family	nanocore
Version	1.2.2.0
C2	antonlmcmotor.ddns.net:3190 antonlmcmotor.ddns.net:3190
Attributes	activate_away_mode true backup_connection_host antonlmcmotor.ddns.net backup_dns_server 8.8.4.4 buffer_size 65535 build_time 2020-03-07T09:50:37.081293536Z bypass_user_account_control true bypass_user_account_control_data clear_access_control true clear_zone_identifier false connect_delay 4000 connection_port 3190 default_group NEWZEALAND enable_debug_mode true gc_threshold 1.048576e+07 keep_alive_timeout 30000 keyboard_logging false lan_timeout 2500 max_packet_size 1.048576e+07 mutex de74fb71-ce66-421f-80e3-36e9e39a1451 mutex_timeout 5000 prevent_system_sleep false primary_connection_host antonlmcmotor.ddns.net primary_dns_server 8.8.8.8 request_elevation true restart_delay 5000 run_delay 0 run_on_startup false set_critical_process true timeout_interval 5000 use_custom_dns_server false version 1.2.2.0 wan_timeout 8000

Target

PROOF OF PAYMENT.exe

MD5

01d17f375699dbaedad392aa7920645f

Filesize

1MB

Score

10^/10

SHA1

2fbefee529b1aa5079100c5bb07ba37d4988d371

SHA256

4c94eb227b1c9236958b5f31dc3829ce7891e22d3771e25e9e291b08fafdd090

SHA512

6df6601163511770d6b85485c20e0ecb2c71b321aa94dda79e5e067aa0ffe09333acb63c9434f8c36ea79463e06b696be3ff316b92b91b46b90b6545f4b2075d

Signatures

NanoCore
Description

NanoCore is a remote access tool (RAT) with a variety of capabilities.
Tags

keylogger trojan stealer spyware nanocore
Drops startup file
Adds Run key to start application
Tags

persistence

TTPs

Registry Run Keys / Startup FolderModify Registry
Suspicious use of SetThreadContext

Related Tasks

behavioral1 behavioral2

Collection

Command and Control

Credential Access

Defense Evasion

Modify Registry

Discovery

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

static1

5^/10

behavioral1

nanocore keylogger persistence spyware stealer trojan

10^/10

behavioral2

nanocore keylogger persistence spyware stealer trojan

10^/10

Extracted

Tags

Signatures

NanoCore

Description

Tags

Drops startup file

Adds Run key to start application

Tags

TTPs

Suspicious use of SetThreadContext

Related Tasks

static1

behavioral1

behavioral2