nanocore | 37df56b4f26fcb210022abed5de5698854b8d0504c6305422ee2730ee06ead15 | Triage

Sharing

General

Target

tmp
Size

202KB
Sample

220920-y2ewvahhen
MD5

4cedeb7f2bbb865949fac916f31ff5c6
SHA1

23f459e090f237b419b33b331818b17ab805f768
SHA256

37df56b4f26fcb210022abed5de5698854b8d0504c6305422ee2730ee06ead15
SHA512

c38c1f6b0c43b0546917fb5e3a60f922798120d9f870f5c9920ac199907663968a201c5ad0ed80b9621cd4d37d8e7b1d5dac7c76ee09000b78bb658ea86b7809
SSDEEP

3072:wzEqV6B1jHa6dtJ10jgvzcgi+oG/j9iaMP2s/HI4jT9cx77B7aqetQ0XdeMBma1K:wLV6Bta6dtJmakIM5ox79PEQ8QVP3

Score

10^/10

nanocore evasion keylogger spyware stealer trojan

Malware Config

Extracted

Family

nanocore

Version

1.2.2.0

C2

hamzzagolozar.loseyourip.com:14981

Mutex

f76e5199-b9b0-45ae-b449-2e38e6b112aa

Attributes

activate_away_mode
true
backup_connection_host
backup_dns_server
8.8.4.4
buffer_size
65535
build_time
2022-07-01T00:24:26.401438736Z
bypass_user_account_control
true
bypass_user_account_control_data
clear_access_control
true
clear_zone_identifier
false
connect_delay
4000
connection_port
14981
default_group
SEGUN
enable_debug_mode
true
gc_threshold
1.048576e+07
keep_alive_timeout
30000
keyboard_logging
false
lan_timeout
2500
max_packet_size
1.048576e+07
mutex
f76e5199-b9b0-45ae-b449-2e38e6b112aa
mutex_timeout
5000
prevent_system_sleep
false
primary_connection_host
hamzzagolozar.loseyourip.com
primary_dns_server
8.8.8.8
request_elevation
true
restart_delay
5000
run_delay
0
run_on_startup
true
set_critical_process
true
timeout_interval
5000
use_custom_dns_server
false
version
1.2.2.0
wan_timeout
8000

Targets

- Target
  
  tmp
- Size
  
  202KB
- MD5
  
  4cedeb7f2bbb865949fac916f31ff5c6
- SHA1
  
  23f459e090f237b419b33b331818b17ab805f768
- SHA256
  
  37df56b4f26fcb210022abed5de5698854b8d0504c6305422ee2730ee06ead15
- SHA512
  
  c38c1f6b0c43b0546917fb5e3a60f922798120d9f870f5c9920ac199907663968a201c5ad0ed80b9621cd4d37d8e7b1d5dac7c76ee09000b78bb658ea86b7809
- SSDEEP
  
  3072:wzEqV6B1jHa6dtJ10jgvzcgi+oG/j9iaMP2s/HI4jT9cx77B7aqetQ0XdeMBma1K:wLV6Bta6dtJmakIM5ox79PEQ8QVP3
Score

10^/10

nanocore evasion keylogger spyware stealer trojan
- NanoCore
  NanoCore is a remote access tool (RAT) with a variety of capabilities.
  keylogger trojan stealer spyware nanocore
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

nanocoreevasionkeyloggerspywarestealertrojan

behavioral2

nanocoreevasionkeyloggerspywarestealertrojan