Extracted

• • Target

    81e493c3a6487e0188af55df17806f35ad7c79d642b70f1b556a6c1182ab2cd1

  • Size

    281KB

  • MD5

    00c1ad8e87fe256b1ff9e727c0843b3e

  • SHA1

    d0880c331b9c495900e5dd0c88752d04c6b7e610

  • SHA256

    81e493c3a6487e0188af55df17806f35ad7c79d642b70f1b556a6c1182ab2cd1

  • SHA512

    84b2a302126a4d68583d0bc8776dcf537141fae05328ea327d5becd73cc845d0655e63f2c01bc194e8bc03520cfedbd4bdf88eaaf5550ef2f520fe06eada3068

  • SSDEEP

    6144:boy5p178U0MURaGyNXYWQzHazRfXrwSRnWwhrQ66fKkfy:boSeGUA5YZazpXUmZhZ6Sb

  Score

  10^/10

  discoverypersistencenanocoreevasionkeyloggerspywarestealertrojan

  • NanoCore

    NanoCore is a remote access tool (RAT) with a variety of capabilities.

    keyloggertrojanstealerspywarenanocore

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Checks whether UAC is enabled

    evasiontrojan

  • Suspicious use of SetThreadContext

  behavioral1behavioral2