Extracted

• • Target

    4e63dde927cbcf9398224adc3a3d1b5407f92fef63bb1daecb7e1f46b2dc6740

  • Size

    281KB

  • MD5

    902f329132d38b6ab6a8cd38cc59a493

  • SHA1

    94462ef8f247e98259c8b7b08ea76dac2f94e701

  • SHA256

    4e63dde927cbcf9398224adc3a3d1b5407f92fef63bb1daecb7e1f46b2dc6740

  • SHA512

    4faeb3f2375692ea1f74ecd844cf9b7ba46cbc9611fbe64ab5f804b783a277e63fab197e1ba0a5b52550c61bf6829bfa2f180e3c7422f7b0946fc38e3b3d5746

  • SSDEEP

    6144:boy5p178U0MURaGyNXYWQzHazRfXrwSRnWwhrQ66fKkfi:boSeGUA5YZazpXUmZhZ6S/

  Score

  10^/10

  nanocorediscoveryevasionkeyloggerpersistencespywarestealertrojan

  • NanoCore

    NanoCore is a remote access tool (RAT) with a variety of capabilities.

    keyloggertrojanstealerspywarenanocore

  • Nanocore family

    nanocore

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Checks whether UAC is enabled

    evasiontrojan

  • Suspicious use of SetThreadContext

  behavioral1behavioral2