nanocore | d80ecb62c54c587a0b04539012981a8d7391a5752048439aae18713969d4fe2b | Triage

Submit
Reports

Overview

overview

Static

static

5

TRANSAC2.exe

windows7_x64

TRANSAC2.exe

windows10-2004_x64

TRANSACT.exe

windows7_x64

TRANSACT.exe

windows10-2004_x64

Sharing

General

Target

d80ecb62c54c587a0b04539012981a8d7391a5752048439aae18713969d4fe2b
Size

3.0MB
Sample

220701-sfj1saahg3
MD5

460a89a016958c303043b28f69fda93b
SHA1

3f27cfffb5201a447ef3814f3d75f4dc531a2b73
SHA256

d80ecb62c54c587a0b04539012981a8d7391a5752048439aae18713969d4fe2b
SHA512

1faf88bcfc75ce48af00743dfba7701d91cd5cef924e673c43ce0bfec1af9fddf4e728cc0a0256fa31fcb76d0fc18b89ff55d749e1e6300106c535abfd68dff5

Score

10^/10

nanocore netwire botnet keylogger rat spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

TRANSAC2.exe

Resource

win7-20220414-en

netwire botnet rat stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

TRANSAC2.exe

Resource

win10v2004-20220414-en

netwire botnet rat stealer

windows10-2004_x64

0 signatures

0 seconds

Behavioral task

behavioral3

Sample

TRANSACT.exe

Resource

win7-20220414-en

nanocore keylogger spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral4

Sample

TRANSACT.exe

Resource

win10v2004-20220414-en

nanocore keylogger spyware stealer trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

nanocore

Version

1.2.2.0

C2

54.36.24.65:30301

103.194.171.108:30301

Mutex

9b2ed16d-c582-447b-bb46-934e11de6bd8

Attributes

activate_away_mode
true
backup_connection_host
103.194.171.108
backup_dns_server
8.8.4.4
buffer_size
65535
build_time
2020-02-25T05:41:03.288865736Z
bypass_user_account_control
true
bypass_user_account_control_data
clear_access_control
true
clear_zone_identifier
false
connect_delay
4000
connection_port
30301
default_group
testtest
enable_debug_mode
true
gc_threshold
1.048576e+07
keep_alive_timeout
30000
keyboard_logging
false
lan_timeout
2500
max_packet_size
1.048576e+07
mutex
9b2ed16d-c582-447b-bb46-934e11de6bd8
mutex_timeout
5000
prevent_system_sleep
false
primary_connection_host
54.36.24.65
primary_dns_server
8.8.8.8
request_elevation
true
restart_delay
5000
run_delay
0
run_on_startup
true
set_critical_process
true
timeout_interval
5000
use_custom_dns_server
false
version
1.2.2.0
wan_timeout
8000

Targets

- Target
  
  TRANSAC2.EXE
- Size
  
  1.2MB
- MD5
  
  003d19970194080b5cf4943b45ffb523
- SHA1
  
  d1215cc8a501c297157ca4d44bc683f95c747f86
- SHA256
  
  5a9dc7a0a78582178b5ecc4b83725338027de4ec8d68ccf2f22ea6e92aab509f
- SHA512
  
  62f69b3c5eaf138b7ed3c30b1e9b79b2ff4fec9d17f537d2f4fc5cd6fe3d775244df6c9449df2ad1694207de1310be0d3ff875ddae73cb8b9c0f5379f8a9a217
Score

10^/10

netwire botnet rat stealer
- NetWire RAT payload
  rat
- Netwire
  Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
  botnet stealer netwire
- Drops startup file
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  TRANSACT.EXE
- Size
  
  1.3MB
- MD5
  
  94aeaa711304f24759074946ad18409e
- SHA1
  
  ccf1571a794c4e27df21ac9565d6cc5d9a9bb97e
- SHA256
  
  eb3700158ed1f2709e37c6c8fba95c397d1a04cb334ba82a0fb3feff0c2255c0
- SHA512
  
  f92583c7b695613804febfe481d644238d5bfdced88a8661422c31984efda7ab6ec67321a851c0eae3b7ceb2f2a9efa49a89e7bdcee5af7d0a577c6e524bfdbb
Score

10^/10

nanocore keylogger spyware stealer trojan
- NanoCore
  NanoCore is a remote access tool (RAT) with a variety of capabilities.
  keylogger trojan stealer spyware nanocore
- Drops startup file
- Suspicious use of SetThreadContext
behavioral3 behavioral4

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

netwirebotnetratstealer

behavioral2

netwirebotnetratstealer

behavioral3

nanocorekeyloggerspywarestealertrojan

behavioral4

nanocorekeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy