nanocore | 3e61d54b27423519ef47608a2f5be733e7fae3cacd6db0a9b499dddf60d63bf0 | Triage

Submit
Reports

Overview

overview

Static

static

5

3e61d54b27...f0.exe

windows7_x64

3e61d54b27...f0.exe

windows10-2004_x64

Sharing

General

Target

3e61d54b27423519ef47608a2f5be733e7fae3cacd6db0a9b499dddf60d63bf0
Size

1.4MB
Sample

220701-jftqjsbga2
MD5

06b1f141fdfdb0e11269be502f8b45b5
SHA1

8565e1195e42a9f320e7bbb2cdc15a7b33a7cb72
SHA256

3e61d54b27423519ef47608a2f5be733e7fae3cacd6db0a9b499dddf60d63bf0
SHA512

80f9545c6a761b8785150e5881504c3ac2963430195109fa142f0f3ff316136db49aa1f05735a415344008513150fa98731df9904777603598f7b9f3884bfc95

Score

10^/10

nanocore evasion keylogger persistence spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

3e61d54b27423519ef47608a2f5be733e7fae3cacd6db0a9b499dddf60d63bf0.exe

Resource

win7-20220414-en

nanocore evasion keylogger persistence spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

3e61d54b27423519ef47608a2f5be733e7fae3cacd6db0a9b499dddf60d63bf0.exe

Resource

win10v2004-20220414-en

nanocore evasion keylogger persistence spyware stealer trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  3e61d54b27423519ef47608a2f5be733e7fae3cacd6db0a9b499dddf60d63bf0
- Size
  
  1.4MB
- MD5
  
  06b1f141fdfdb0e11269be502f8b45b5
- SHA1
  
  8565e1195e42a9f320e7bbb2cdc15a7b33a7cb72
- SHA256
  
  3e61d54b27423519ef47608a2f5be733e7fae3cacd6db0a9b499dddf60d63bf0
- SHA512
  
  80f9545c6a761b8785150e5881504c3ac2963430195109fa142f0f3ff316136db49aa1f05735a415344008513150fa98731df9904777603598f7b9f3884bfc95
Score

10^/10

nanocore evasion keylogger persistence spyware stealer trojan
- NanoCore
  NanoCore is a remote access tool (RAT) with a variety of capabilities.
  keylogger trojan stealer spyware nanocore
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

nanocoreevasionkeyloggerpersistencespywarestealertrojan

behavioral2

nanocoreevasionkeyloggerpersistencespywarestealertrojan

© 2018-2024

Terms | Privacy