nanocore | 7b86b078ef0e22ae04527bc99190ca2d[.]bin | Triage

Submit
Reports

Overview

overview

Static

static

0eda4f107b...a4.exe

windows7-x64

0eda4f107b...a4.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

0eda4f107bdc1b21382eb13079d6e713f5fb215d064298cdca685cd778f97aa4.exe

Resource

win7-20220812-en

nanocore evasion keylogger persistence spyware stealer trojan

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

0eda4f107bdc1b21382eb13079d6e713f5fb215d064298cdca685cd778f97aa4.exe

Resource

win10v2004-20220901-en

nanocore evasion keylogger persistence spyware stealer trojan

windows10-2004-x64

7 signatures

150 seconds

General

Target

7b86b078ef0e22ae04527bc99190ca2d.bin
Size

302KB
MD5

584326414b8531f684e3c0def102744e
SHA1

b58072c8e8523e47d610d064554164069ba6e8d6
SHA256

c57ac089c38e0ff58c6139db7a03073b2c57054d0b225381e4f63573ffc8c3f5
SHA512

3e9af55af298e483bb5722e0b260cc7bfae55b7f2f0be3e0256255cd196fd2503a42692450409c5dc3d0306ffe7f802b3963dabf3b14aca5155229ce20e8b56b
SSDEEP

6144:/bFbtRH/JqVVhXjzKq2O7TS2WTzWo+MmI2jmi8LuL7x/+c1ZeSkTboxIMbIR:zFJRH/J8VJjzKqX7TSHSo+BAi8yL1Wcs

Score

10^/10

nanocore

Malware Config

Extracted

Family

nanocore

Version

1.2.2.0

C2

0.tcp.ngrok.io:11828

127.0.0.1:11828

Mutex

1c55e843-5d49-489f-bb49-3af4050d94d1

Attributes

activate_away_mode
true
backup_connection_host
127.0.0.1
backup_dns_server
8.8.4.4
buffer_size
65535
build_time
2021-10-04T21:50:36.215676836Z
bypass_user_account_control
true
bypass_user_account_control_data
clear_access_control
true
clear_zone_identifier
false
connect_delay
4000
connection_port
11828
default_group
Default
enable_debug_mode
true
gc_threshold
1.048576e+07
keep_alive_timeout
30000
keyboard_logging
false
lan_timeout
2500
max_packet_size
1.048576e+07
mutex
1c55e843-5d49-489f-bb49-3af4050d94d1
mutex_timeout
5000
prevent_system_sleep
false
primary_connection_host
0.tcp.ngrok.io
primary_dns_server
8.8.8.8
request_elevation
true
restart_delay
5000
run_delay
0
run_on_startup
false
set_critical_process
true
timeout_interval
5000
use_custom_dns_server
false
version
1.2.2.0
wan_timeout
8000

Signatures

Nanocore family
nanocore

Files

7b86b078ef0e22ae04527bc99190ca2d.bin
.zip

Password: infected
0eda4f107bdc1b21382eb13079d6e713f5fb215d064298cdca685cd778f97aa4.exe
.exe windows x86

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 114KB - Virtual size: 113KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 233KB - Virtual size: 232KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

© 2018-2025

Terms | Privacy