nanocore | 607b0ff863381ee25ef50bafe0d1903da3bd546860e62cebd7458e2daf8e1c65 | Triage

Sharing

General

Target

81be55c863016924a3134289fae40970_NeikiAnalytics.exe
Size

3.6MB
Sample

240531-134byagb28
MD5

81be55c863016924a3134289fae40970
SHA1

980ff520a5dd3cee97c63544a9d8fa9fe327f101
SHA256

607b0ff863381ee25ef50bafe0d1903da3bd546860e62cebd7458e2daf8e1c65
SHA512

93fbc49ff1cfcd6dac58cbd60f225b292259ef70773351f2f447a7a39d3d672a569279125825f0eb83905ab7751b54df2d3e918e6bb35d1639e7ae9059eb4250
SSDEEP

49152:DtOcE5/k017aNCFTTIP5uqz2lSNd6ZoR9ttqQ/3FPnh:Dcj/kFs5IAqzSP85/3FPh

Score

10^/10

nanocore evasion keylogger spyware stealer trojan

Malware Config

Extracted

Family

nanocore

Version

1.2.2.0

C2

okurwa123.ddns.net:30814

Mutex

2235e1d8-7910-4a73-af04-b7bf49fcd3e7

Attributes

activate_away_mode
true
backup_connection_host
okurwa123.ddns.net
backup_dns_server
8.8.4.4
buffer_size
65535
build_time
2022-10-29T22:05:41.783378436Z
bypass_user_account_control
true
bypass_user_account_control_data
clear_access_control
true
clear_zone_identifier
false
connect_delay
4000
connection_port
30814
default_group
chmo ebat nahui
enable_debug_mode
true
gc_threshold
1.048576e+07
keep_alive_timeout
30000
keyboard_logging
false
lan_timeout
2500
max_packet_size
1.048576e+07
mutex
2235e1d8-7910-4a73-af04-b7bf49fcd3e7
mutex_timeout
5000
prevent_system_sleep
false
primary_connection_host
okurwa123.ddns.net
primary_dns_server
8.8.8.8
request_elevation
true
restart_delay
5000
run_delay
0
run_on_startup
true
set_critical_process
true
timeout_interval
5000
use_custom_dns_server
false
version
1.2.2.0
wan_timeout
8000

Targets

- Target
  
  81be55c863016924a3134289fae40970_NeikiAnalytics.exe
- Size
  
  3.6MB
- MD5
  
  81be55c863016924a3134289fae40970
- SHA1
  
  980ff520a5dd3cee97c63544a9d8fa9fe327f101
- SHA256
  
  607b0ff863381ee25ef50bafe0d1903da3bd546860e62cebd7458e2daf8e1c65
- SHA512
  
  93fbc49ff1cfcd6dac58cbd60f225b292259ef70773351f2f447a7a39d3d672a569279125825f0eb83905ab7751b54df2d3e918e6bb35d1639e7ae9059eb4250
- SSDEEP
  
  49152:DtOcE5/k017aNCFTTIP5uqz2lSNd6ZoR9ttqQ/3FPnh:Dcj/kFs5IAqzSP85/3FPh
Score

10^/10

nanocore evasion keylogger spyware stealer trojan
- NanoCore
  NanoCore is a remote access tool (RAT) with a variety of capabilities.
  keylogger trojan stealer spyware nanocore
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

nanocoreevasionkeyloggerspywarestealertrojan

behavioral2

nanocoreevasionkeyloggerspywarestealertrojan