nanocore | 3c1504708bff200b857ee4112b163009244e857ed93bb37b8f92a231a11c81fe | Triage

Submit
Reports

Overview

overview

Static

static

3c1504708b...fe.exe

windows7-x64

3c1504708b...fe.exe

windows10-2004-x64

Sharing

General

Target

3c1504708bff200b857ee4112b163009244e857ed93bb37b8f92a231a11c81fe
Size

926KB
Sample

240523-zayqbafc5y
MD5

383cd2233b0e24dd67d1d61a994cec05
SHA1

5942654e0fe9b90ce57ae9c299ac669fd1eb3a3b
SHA256

3c1504708bff200b857ee4112b163009244e857ed93bb37b8f92a231a11c81fe
SHA512

f9b6cc2792defade249bb3aac47bb47b4ff04fad9b11bbfe86071cdb08b9cac4bfec2dee52e2793bac0c2101345763815d62a391c6c7423f4c4136680912615a
SSDEEP

24576:Hrl6kD68JmloLQfgqu4Dij/f7HcAdmjKt0Okhk:Ll328U2kfc4Kf7HlF7

Score

10^/10

nanocore keylogger spyware stealer trojan upx

Static task

static1

4 signatures

Behavioral task

behavioral1

Sample

3c1504708bff200b857ee4112b163009244e857ed93bb37b8f92a231a11c81fe.exe

Resource

win7-20240221-en

nanocore keylogger spyware stealer trojan upx

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

3c1504708bff200b857ee4112b163009244e857ed93bb37b8f92a231a11c81fe.exe

Resource

win10v2004-20240508-en

nanocore keylogger spyware stealer trojan upx

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

nanocore

Version

1.2.2.0

C2

motherpure.duckdns.org:3920

185.214.10.57:3920

Mutex

bf795df6-2075-40d9-84eb-258bd0bbe097

Attributes

activate_away_mode
false
backup_connection_host
185.214.10.57
backup_dns_server
8.8.4.4
buffer_size
65535
build_time
2019-02-22T15:40:23.303555136Z
bypass_user_account_control
true
bypass_user_account_control_data
clear_access_control
false
clear_zone_identifier
false
connect_delay
4000
connection_port
3920
default_group
MAY13
enable_debug_mode
true
gc_threshold
1.048576e+07
keep_alive_timeout
30000
keyboard_logging
false
lan_timeout
2500
max_packet_size
1.048576e+07
mutex
bf795df6-2075-40d9-84eb-258bd0bbe097
mutex_timeout
5000
prevent_system_sleep
false
primary_connection_host
motherpure.duckdns.org
primary_dns_server
8.8.8.8
request_elevation
true
restart_delay
5000
run_delay
0
run_on_startup
true
set_critical_process
true
timeout_interval
5000
use_custom_dns_server
false
version
1.2.2.0
wan_timeout
8000

Targets

- Target
  
  3c1504708bff200b857ee4112b163009244e857ed93bb37b8f92a231a11c81fe
- Size
  
  926KB
- MD5
  
  383cd2233b0e24dd67d1d61a994cec05
- SHA1
  
  5942654e0fe9b90ce57ae9c299ac669fd1eb3a3b
- SHA256
  
  3c1504708bff200b857ee4112b163009244e857ed93bb37b8f92a231a11c81fe
- SHA512
  
  f9b6cc2792defade249bb3aac47bb47b4ff04fad9b11bbfe86071cdb08b9cac4bfec2dee52e2793bac0c2101345763815d62a391c6c7423f4c4136680912615a
- SSDEEP
  
  24576:Hrl6kD68JmloLQfgqu4Dij/f7HcAdmjKt0Okhk:Ll328U2kfc4Kf7HlF7
Score

10^/10

nanocore keylogger spyware stealer trojan upx
- NanoCore
  NanoCore is a remote access tool (RAT) with a variety of capabilities.
  keylogger trojan stealer spyware nanocore
- UPX dump on OEP (original entry point)
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

nanocorekeyloggerspywarestealertrojanupx

behavioral2

nanocorekeyloggerspywarestealertrojanupx

© 2018-2024

Terms | Privacy