nanocore | b6010f505986b64dcbb7a4ba47920d536d82e9561038a10372ea7552e416a4e6 | Triage

Submit
Reports

Overview

overview

Static

static

5

3402d3b169...18.exe

windows7-x64

3402d3b169...18.exe

windows10-2004-x64

Sharing

General

Target

3402d3b169ade14b1978abb04a7a0e98_JaffaCakes118
Size

1.1MB
Sample

240511-l1d7psef33
MD5

3402d3b169ade14b1978abb04a7a0e98
SHA1

f779739c1a425aa0339d58bf38974ecea25780e9
SHA256

b6010f505986b64dcbb7a4ba47920d536d82e9561038a10372ea7552e416a4e6
SHA512

4e6e89ba81f2813e97de4cba2e954b0b1f010d4c42a2f32faec5e1548d3166d463d0bdc5a06f764d67a532ff371d3eae5da0a263c19ff00ee629d3d367740558
SSDEEP

24576:9RmJkcoQricOIQxiZY1WN2LVjx1oltb8kMVnjI6:yJZoQrbTFZY1WN2LVx1atSBt

Score

10^/10

nanocore xtremerat keylogger persistence rat spyware stealer trojan upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

3402d3b169ade14b1978abb04a7a0e98_JaffaCakes118.exe

Resource

win7-20240221-en

nanocore xtremerat keylogger persistence rat spyware stealer trojan upx

windows7-x64

18 signatures

150 seconds

Behavioral task

behavioral2

Sample

3402d3b169ade14b1978abb04a7a0e98_JaffaCakes118.exe

Resource

win10v2004-20240426-en

nanocore xtremerat keylogger persistence rat spyware stealer trojan upx

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  3402d3b169ade14b1978abb04a7a0e98_JaffaCakes118
- Size
  
  1.1MB
- MD5
  
  3402d3b169ade14b1978abb04a7a0e98
- SHA1
  
  f779739c1a425aa0339d58bf38974ecea25780e9
- SHA256
  
  b6010f505986b64dcbb7a4ba47920d536d82e9561038a10372ea7552e416a4e6
- SHA512
  
  4e6e89ba81f2813e97de4cba2e954b0b1f010d4c42a2f32faec5e1548d3166d463d0bdc5a06f764d67a532ff371d3eae5da0a263c19ff00ee629d3d367740558
- SSDEEP
  
  24576:9RmJkcoQricOIQxiZY1WN2LVjx1oltb8kMVnjI6:yJZoQrbTFZY1WN2LVx1atSBt
Score

10^/10

nanocore xtremerat keylogger persistence rat spyware stealer trojan upx
- NanoCore
  NanoCore is a remote access tool (RAT) with a variety of capabilities.
  keylogger trojan stealer spyware nanocore
- XtremeRAT
  The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
  persistence spyware rat xtremerat
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

nanocorextremeratkeyloggerpersistenceratspywarestealertrojanupx

behavioral2

nanocorextremeratkeyloggerpersistenceratspywarestealertrojanupx

© 2018-2024

Terms | Privacy