nanocore | f7677db1078c998f8b24486fc49f52cc7be0cfa707e70f7b05fe3c7e49d4a1ad | Triage

Submit
Reports

Overview

overview

Static

static

5

Scan Copy$$.scr

windows7-x64

Scan Copy$$.scr

windows10-2004-x64

Sharing

General

Target

f7677db1078c998f8b24486fc49f52cc7be0cfa707e70f7b05fe3c7e49d4a1ad
Size

635KB
Sample

220725-gftdnshchk
MD5

ed2250ce67d2af04df7cacb3aefebca8
SHA1

273b9b13ef5a44280acc7906169de5817522d71a
SHA256

f7677db1078c998f8b24486fc49f52cc7be0cfa707e70f7b05fe3c7e49d4a1ad
SHA512

ccf908b64011b2163f5329ba403d06b8b19c8e3e2b32acb8e2c23ef639523865519fdb5458a81ac63e1e2bef52904fa5ba255eb967f19021673d953a8a5cb143

Score

10^/10

nanocore evasion keylogger spyware stealer suricata trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Scan Copy$$.scr

Resource

win7-20220715-en

nanocore evasion keylogger spyware stealer suricata trojan

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

Scan Copy$$.scr

Resource

win10v2004-20220721-en

nanocore evasion keylogger spyware stealer trojan

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  Scan Copy$$.scr
- Size
  
  1.1MB
- MD5
  
  7abe31b58ea898b5f25c33d9572d70ca
- SHA1
  
  a6be14ddb35a3d13d826bcc5833836b5ef4c8e4a
- SHA256
  
  01dbae054610259b1b33585a88a042e8762ec1c5a239c9fd0f821dc240235c16
- SHA512
  
  bf56d9321467b93011258753e3fd976755e2f4a1e81a95a4b1fcdf3eff45a7e1a70d58049d6a9da2d00dc6a9c7536eaebe4a680f72f8a351b3456f246cf99110
Score

10^/10

nanocore evasion keylogger spyware stealer suricata trojan
- NanoCore
  NanoCore is a remote access tool (RAT) with a variety of capabilities.
  keylogger trojan stealer spyware nanocore
- suricata: ET MALWARE Possible NanoCore C2 60B
  suricata: ET MALWARE Possible NanoCore C2 60B
  suricata
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Checks whether UAC is enabled
  evasion trojan
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

nanocoreevasionkeyloggerspywarestealersuricatatrojan

behavioral2

nanocoreevasionkeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy