nanocore | f1fdc6b05605137aabff3b59e49b489866673a93706d52247a74f1c6441ed333 | Triage

Submit
Reports

Overview

overview

Static

static

f1fdc6b056...33.exe

windows7-x64

f1fdc6b056...33.exe

windows10-2004-x64

Sharing

General

Target

f1fdc6b05605137aabff3b59e49b489866673a93706d52247a74f1c6441ed333
Size

220KB
Sample

221123-pymmvace73
MD5

31a3abe2824e6e4cce48e207df6b3aa5
SHA1

cd1466b5c1e964c53ade0acdcd3ad6ecf2fc8505
SHA256

f1fdc6b05605137aabff3b59e49b489866673a93706d52247a74f1c6441ed333
SHA512

c93a1310ebcfe3472e68a4db45d1dabfabaa18711997286d9f2986bae1d63d66f3e09a397c6bde3c12d11e4669b6e9a699fa6ad09a657d603c1749e45971e7e2
SSDEEP

3072:xKNQHcGBMVpXUxRVE+FXeRiD1zuO9T1eRp7VFtJW6uVRK0q/3/v:xK5+MVpWRVyR6uI1eP7VFtJkwv

Score

10^/10

nanocore evasion keylogger persistence spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

f1fdc6b05605137aabff3b59e49b489866673a93706d52247a74f1c6441ed333.exe

Resource

win7-20221111-en

nanocore evasion keylogger persistence spyware stealer trojan

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

f1fdc6b05605137aabff3b59e49b489866673a93706d52247a74f1c6441ed333.exe

Resource

win10v2004-20221111-en

nanocore evasion keylogger persistence spyware stealer trojan

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  f1fdc6b05605137aabff3b59e49b489866673a93706d52247a74f1c6441ed333
- Size
  
  220KB
- MD5
  
  31a3abe2824e6e4cce48e207df6b3aa5
- SHA1
  
  cd1466b5c1e964c53ade0acdcd3ad6ecf2fc8505
- SHA256
  
  f1fdc6b05605137aabff3b59e49b489866673a93706d52247a74f1c6441ed333
- SHA512
  
  c93a1310ebcfe3472e68a4db45d1dabfabaa18711997286d9f2986bae1d63d66f3e09a397c6bde3c12d11e4669b6e9a699fa6ad09a657d603c1749e45971e7e2
- SSDEEP
  
  3072:xKNQHcGBMVpXUxRVE+FXeRiD1zuO9T1eRp7VFtJW6uVRK0q/3/v:xK5+MVpWRVyR6uI1eP7VFtJkwv
Score

10^/10

nanocore evasion keylogger persistence spyware stealer trojan
- NanoCore
  NanoCore is a remote access tool (RAT) with a variety of capabilities.
  keylogger trojan stealer spyware nanocore
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

nanocoreevasionkeyloggerpersistencespywarestealertrojan

behavioral2

nanocoreevasionkeyloggerpersistencespywarestealertrojan

© 2018-2024

Terms | Privacy