nanocore | 1d9780dabf0b298c8fe8ff4fe6a03d36a081c14b88e6495005e41ba84885a7ed | Triage

Submit
Reports

Overview

overview

Static

static

7

Shipment F...up.exe

windows7-x64

Shipment F...up.exe

windows10-2004-x64

Sharing

General

Target

45e39166266615313d09439a21d21c7a_JaffaCakes118
Size

1.4MB
Sample

240515-m81w4sef62
MD5

45e39166266615313d09439a21d21c7a
SHA1

9a6feb9d291e69f629a0a136dbf84dac76b088e0
SHA256

1d9780dabf0b298c8fe8ff4fe6a03d36a081c14b88e6495005e41ba84885a7ed
SHA512

7426873f971d0bc8e6f7b78127f6d28cedbbdd1b43f8f223d7430b18adee45aaebf841242558827197093d6edd8f01a81b324d257744e39df47d03ffd274f080
SSDEEP

24576:0BXu9HGaVHYK48pT/rwNJxy/p5L6UXf9:0w9VH1pT/i8H3X

Score

10^/10

nanocore evasion keylogger spyware stealer trojan upx

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

Shipment For Pickup.exe

Resource

win7-20240220-en

nanocore evasion keylogger spyware stealer trojan upx

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

Shipment For Pickup.exe

Resource

win10v2004-20240508-en

nanocore evasion keylogger spyware stealer trojan upx

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

nanocore

Version

1.2.2.0

C2

testwork.kozow.com:8906

Mutex

bd6fc7b5-d48b-4e23-98f7-784bd3ef305c

Attributes

activate_away_mode
true
backup_connection_host
testwork.kozow.com
backup_dns_server
8.8.4.4
buffer_size
65535
build_time
2019-02-16T16:47:25.218235636Z
bypass_user_account_control
true
bypass_user_account_control_data
clear_access_control
true
clear_zone_identifier
false
connect_delay
4000
connection_port
8906
default_group
star
enable_debug_mode
true
gc_threshold
1.048576e+07
keep_alive_timeout
30000
keyboard_logging
false
lan_timeout
2500
max_packet_size
1.048576e+07
mutex
bd6fc7b5-d48b-4e23-98f7-784bd3ef305c
mutex_timeout
5000
prevent_system_sleep
false
primary_connection_host
testwork.kozow.com
primary_dns_server
8.8.8.8
request_elevation
true
restart_delay
5000
run_delay
0
run_on_startup
true
set_critical_process
true
timeout_interval
5000
use_custom_dns_server
false
version
1.2.2.0
wan_timeout
8000

Targets

- Target
  
  Shipment For Pickup.exe
- Size
  
  912KB
- MD5
  
  1076379914dd47c1cd1207ac8505ae90
- SHA1
  
  37c66271605f8c24a783df69519e67c9ab06395b
- SHA256
  
  45d84e84e02a244ba45a371290ea833858f9a380fc145f8d0b7a89ea95956b5a
- SHA512
  
  7fa7d19811c462010e00cc39cb3e09fb9a3a82068fd3a7b7e86c04592f71ae6fb8aa8a353b7ce2ec5531a3eedbd8bd1c84ac487c8e9b8c524af95f089794c195
- SSDEEP
  
  24576:mBXu9HGaVHYK48pT/rwNJxy/p5L6UXf9:mw9VH1pT/i8H3X
Score

10^/10

nanocore evasion keylogger spyware stealer trojan upx
- NanoCore
  NanoCore is a remote access tool (RAT) with a variety of capabilities.
  keylogger trojan stealer spyware nanocore
- Drops startup file
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks whether UAC is enabled
  evasion trojan
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

nanocoreevasionkeyloggerspywarestealertrojanupx

behavioral2

nanocoreevasionkeyloggerspywarestealertrojanupx

© 2018-2024

Terms | Privacy