nanocore | 33851c19216f0e65db0aecc27dc71ffc[.]exe | Triage

Submit
Reports

Overview

overview

Static

static

33851c1921...fc.exe

windows7-x64

33851c1921...fc.exe

windows10-2004-x64

Sharing

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

33851c19216f0e65db0aecc27dc71ffc.exe

Resource

win7-20220812-en

nanocore evasion keylogger spyware stealer trojan

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

33851c19216f0e65db0aecc27dc71ffc.exe

Resource

win10v2004-20220901-en

nanocore evasion keylogger spyware stealer trojan

windows10-2004-x64

5 signatures

150 seconds

General

Target

33851c19216f0e65db0aecc27dc71ffc.exe
Size

202KB
MD5

33851c19216f0e65db0aecc27dc71ffc
SHA1

0ad881c7d507bea247bfe454e29bc645f3d1b4ac
SHA256

d3c3718f2106aca6ed10bb92ec37e99bcadd8536f499af4de3849625a0a1c109
SHA512

beb70bc68603bc8722656297c7bab35fd15ba7a2d91520f22ea00b2d021ee171c38917d0ddd0bb50e752294c20bd2a257da7623c464252cde4f490c5b66af708
SSDEEP

6144:gLV6Bta6dtJmakIM5XQa2WCE085Qe6nGH:gLV6Btpmk22Wd085GnC

Score

10^/10

nanocore

Malware Config

Extracted

Family

nanocore

Version

1.2.2.0

C2

eu-central-7075.packetriot.net:22378

127.0.0.1:22378

Mutex

7fd0fb12-397b-455a-940b-bef9261bdda7

Attributes

activate_away_mode
true
backup_connection_host
127.0.0.1
backup_dns_server
8.8.4.4
buffer_size
65535
build_time
2022-07-04T19:22:19.202077936Z
bypass_user_account_control
true
bypass_user_account_control_data
clear_access_control
true
clear_zone_identifier
false
connect_delay
4000
connection_port
22378
default_group
kurban
enable_debug_mode
true
gc_threshold
1.048576e+07
keep_alive_timeout
30000
keyboard_logging
false
lan_timeout
2500
max_packet_size
1.048576e+07
mutex
7fd0fb12-397b-455a-940b-bef9261bdda7
mutex_timeout
5000
prevent_system_sleep
false
primary_connection_host
eu-central-7075.packetriot.net
primary_dns_server
8.8.8.8
request_elevation
true
restart_delay
5000
run_delay
0
run_on_startup
true
set_critical_process
true
timeout_interval
5000
use_custom_dns_server
false
version
1.2.2.0
wan_timeout
8000

Signatures

Nanocore family
nanocore

Files

33851c19216f0e65db0aecc27dc71ffc.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 114KB - Virtual size: 113KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 87KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

© 2018-2024

Terms | Privacy