nanocore | 5c2ed304deeaf14980750c1ad5adfd100ac8d96916643087256f4e96d17c8a8c | Triage

Submit
Reports

Overview

overview

Static

static

7

db0de0a81e...cs.exe

windows7-x64

db0de0a81e...cs.exe

windows10-2004-x64

Sharing

General

Target

db0de0a81e51d8d78db83cf8022dc570_NeikiAnalytics
Size

926KB
Sample

240516-mqzw4agf2x
MD5

db0de0a81e51d8d78db83cf8022dc570
SHA1

5042f84ce7f834df00816ac66229e81864818f70
SHA256

5c2ed304deeaf14980750c1ad5adfd100ac8d96916643087256f4e96d17c8a8c
SHA512

2f6f11e65f16331952409e4a564493bad7efe380d0d34a1f6340ff459f49c55faaa228d7f443bc48dd9e44281b15e6b0c7c97888b1ce4b12c7c977fe5c45e12a
SSDEEP

24576:Hrl6kD68JmloLQfgqu4Dij/f7HcAdmjKt0Okhp:Ll328U2kfc4Kf7HlFG

Score

10^/10

nanocore keylogger spyware stealer trojan upx

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

db0de0a81e51d8d78db83cf8022dc570_NeikiAnalytics.exe

Resource

win7-20240419-en

nanocore keylogger spyware stealer trojan upx

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

db0de0a81e51d8d78db83cf8022dc570_NeikiAnalytics.exe

Resource

win10v2004-20240426-en

nanocore keylogger spyware stealer trojan upx

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

nanocore

Version

1.2.2.0

C2

motherpure.duckdns.org:3920

185.214.10.57:3920

Mutex

bf795df6-2075-40d9-84eb-258bd0bbe097

Attributes

activate_away_mode
false
backup_connection_host
185.214.10.57
backup_dns_server
8.8.4.4
buffer_size
65535
build_time
2019-02-22T15:40:23.303555136Z
bypass_user_account_control
true
bypass_user_account_control_data
clear_access_control
false
clear_zone_identifier
false
connect_delay
4000
connection_port
3920
default_group
MAY13
enable_debug_mode
true
gc_threshold
1.048576e+07
keep_alive_timeout
30000
keyboard_logging
false
lan_timeout
2500
max_packet_size
1.048576e+07
mutex
bf795df6-2075-40d9-84eb-258bd0bbe097
mutex_timeout
5000
prevent_system_sleep
false
primary_connection_host
motherpure.duckdns.org
primary_dns_server
8.8.8.8
request_elevation
true
restart_delay
5000
run_delay
0
run_on_startup
true
set_critical_process
true
timeout_interval
5000
use_custom_dns_server
false
version
1.2.2.0
wan_timeout
8000

Targets

- Target
  
  db0de0a81e51d8d78db83cf8022dc570_NeikiAnalytics
- Size
  
  926KB
- MD5
  
  db0de0a81e51d8d78db83cf8022dc570
- SHA1
  
  5042f84ce7f834df00816ac66229e81864818f70
- SHA256
  
  5c2ed304deeaf14980750c1ad5adfd100ac8d96916643087256f4e96d17c8a8c
- SHA512
  
  2f6f11e65f16331952409e4a564493bad7efe380d0d34a1f6340ff459f49c55faaa228d7f443bc48dd9e44281b15e6b0c7c97888b1ce4b12c7c977fe5c45e12a
- SSDEEP
  
  24576:Hrl6kD68JmloLQfgqu4Dij/f7HcAdmjKt0Okhp:Ll328U2kfc4Kf7HlFG
Score

10^/10

nanocore keylogger spyware stealer trojan upx
- NanoCore
  NanoCore is a remote access tool (RAT) with a variety of capabilities.
  keylogger trojan stealer spyware nanocore
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

nanocorekeyloggerspywarestealertrojanupx

behavioral2

nanocorekeyloggerspywarestealertrojanupx

© 2018-2024

Terms | Privacy