nanocore | a823122f87017c432a3dc8fc831e39f048a2a10ecd2c64d9119c2218cf18307a | Triage

Submit
Reports

Overview

overview

Static

static

7

ba71309801...cs.exe

windows7-x64

ba71309801...cs.exe

windows10-2004-x64

Sharing

General

Target

ba71309801886b05e847139287802200_NeikiAnalytics
Size

926KB
Sample

240513-qvwl1sgg3w
MD5

ba71309801886b05e847139287802200
SHA1

9d76f4b451b6726d77bec5a6ee9583cd72e97ca4
SHA256

a823122f87017c432a3dc8fc831e39f048a2a10ecd2c64d9119c2218cf18307a
SHA512

6be5ecab8852cbfe5e491b72a5b1c0e5db0406051decb93a0d1e252ea3f2e2470ba893001d76fe427a3be83113e57659de71655fde6f03b9de3afa3b24fdf4f0
SSDEEP

24576:Hrl6kD68JmloLQfgqu4Dij/f7HcAdmjKt0Okhz:Ll328U2kfc4Kf7HlFc

Score

10^/10

nanocore keylogger spyware stealer trojan upx

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

ba71309801886b05e847139287802200_NeikiAnalytics.exe

Resource

win7-20240221-en

nanocore keylogger spyware stealer trojan upx

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

ba71309801886b05e847139287802200_NeikiAnalytics.exe

Resource

win10v2004-20240426-en

nanocore keylogger spyware stealer trojan upx

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

nanocore

Version

1.2.2.0

C2

motherpure.duckdns.org:3920

185.214.10.57:3920

Mutex

bf795df6-2075-40d9-84eb-258bd0bbe097

Attributes

activate_away_mode
false
backup_connection_host
185.214.10.57
backup_dns_server
8.8.4.4
buffer_size
65535
build_time
2019-02-22T15:40:23.303555136Z
bypass_user_account_control
true
bypass_user_account_control_data
clear_access_control
false
clear_zone_identifier
false
connect_delay
4000
connection_port
3920
default_group
MAY13
enable_debug_mode
true
gc_threshold
1.048576e+07
keep_alive_timeout
30000
keyboard_logging
false
lan_timeout
2500
max_packet_size
1.048576e+07
mutex
bf795df6-2075-40d9-84eb-258bd0bbe097
mutex_timeout
5000
prevent_system_sleep
false
primary_connection_host
motherpure.duckdns.org
primary_dns_server
8.8.8.8
request_elevation
true
restart_delay
5000
run_delay
0
run_on_startup
true
set_critical_process
true
timeout_interval
5000
use_custom_dns_server
false
version
1.2.2.0
wan_timeout
8000

Targets

- Target
  
  ba71309801886b05e847139287802200_NeikiAnalytics
- Size
  
  926KB
- MD5
  
  ba71309801886b05e847139287802200
- SHA1
  
  9d76f4b451b6726d77bec5a6ee9583cd72e97ca4
- SHA256
  
  a823122f87017c432a3dc8fc831e39f048a2a10ecd2c64d9119c2218cf18307a
- SHA512
  
  6be5ecab8852cbfe5e491b72a5b1c0e5db0406051decb93a0d1e252ea3f2e2470ba893001d76fe427a3be83113e57659de71655fde6f03b9de3afa3b24fdf4f0
- SSDEEP
  
  24576:Hrl6kD68JmloLQfgqu4Dij/f7HcAdmjKt0Okhz:Ll328U2kfc4Kf7HlFc
Score

10^/10

nanocore keylogger spyware stealer trojan upx
- NanoCore
  NanoCore is a remote access tool (RAT) with a variety of capabilities.
  keylogger trojan stealer spyware nanocore
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

nanocorekeyloggerspywarestealertrojanupx

behavioral2

nanocorekeyloggerspywarestealertrojanupx

© 2018-2024

Terms | Privacy