Extracted

• • Target

    af3e7f29ca915deadc875710f2ec54db8aa93461638f88bcb89c18e4588f7846

  • Size

    282KB

  • MD5

    ca1b90a4ba0f6d4906fdc25537432be6

  • SHA1

    e89e186b2531b2767bfc94513e454f3a7e751095

  • SHA256

    af3e7f29ca915deadc875710f2ec54db8aa93461638f88bcb89c18e4588f7846

  • SHA512

    73ea81eb8e0c9f0099b55fef6b16545d4bb6312aa9be0e11df969cf8c936ccaf690191333045c50c0b8fced9ef0269b26ca68dae8d3d1cf5c7dbc99d2b1746e0

  • SSDEEP

    6144:boy5p178U0MURaGyNXYWQzHazRfXrwSRnWwhrQ66fKkfI:boSeGUA5YZazpXUmZhZ6S9

  Score

  10^/10

  nanocorediscoveryevasionkeyloggerpersistencespywarestealertrojan

  • NanoCore

    NanoCore is a remote access tool (RAT) with a variety of capabilities.

    keyloggertrojanstealerspywarenanocore

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Checks whether UAC is enabled

    evasiontrojan

  • Suspicious use of SetThreadContext

  behavioral1behavioral2