nanocore | 8ad5b88f65afbb0668dc2e35376a586e67aa97d09e94c2a47172c41b271f472f | Triage

Sharing

General

Target

8ad5b88f65afbb0668dc2e35376a586e67aa97d09e94c2a47172c41b271f472f.exe
Size

32KB
Sample

241212-rrvqzsypbj
MD5

aa21b54e222ad79e8ea469e3e8e8d1a0
SHA1

69743f880cbbbcade254d80f743bb1f0b89d9221
SHA256

8ad5b88f65afbb0668dc2e35376a586e67aa97d09e94c2a47172c41b271f472f
SHA512

3029c801fd059bfa7fbafc1bdc7a9a58fa0ff5f244a7f95225ae171048a1473282eb8ae81a76f32256610f6555178f7b9dc6434deeb9e4a8ad9a1dffc07af0b2
SSDEEP

384:1PmNYo85DCeup3fEhjLuwSm3Tm2eaFO4FzRApkFTBLTsOZwpGd2v99IkuisDNVFz:pA8wlaPBSm3Tw49FzVFE9jGXOjh5bS

Score

10^/10

nanocore xworm discovery evasion keylogger persistence rat spyware stealer trojan

Malware Config

Extracted

Family

xworm

Version

5.0

C2

vitalwerks.istmein.de:3150

Mutex

jWXSA287zBis6fzu

Attributes

install_file
USB.exe

aes.plain

Targets

- Target
  
  8ad5b88f65afbb0668dc2e35376a586e67aa97d09e94c2a47172c41b271f472f.exe
- Size
  
  32KB
- MD5
  
  aa21b54e222ad79e8ea469e3e8e8d1a0
- SHA1
  
  69743f880cbbbcade254d80f743bb1f0b89d9221
- SHA256
  
  8ad5b88f65afbb0668dc2e35376a586e67aa97d09e94c2a47172c41b271f472f
- SHA512
  
  3029c801fd059bfa7fbafc1bdc7a9a58fa0ff5f244a7f95225ae171048a1473282eb8ae81a76f32256610f6555178f7b9dc6434deeb9e4a8ad9a1dffc07af0b2
- SSDEEP
  
  384:1PmNYo85DCeup3fEhjLuwSm3Tm2eaFO4FzRApkFTBLTsOZwpGd2v99IkuisDNVFz:pA8wlaPBSm3Tw49FzVFE9jGXOjh5bS
Score

10^/10

nanocore xworm discovery evasion keylogger persistence rat spyware stealer trojan
- Detect Xworm Payload
- NanoCore
  NanoCore is a remote access tool (RAT) with a variety of capabilities.
  keylogger trojan stealer spyware nanocore
- Nanocore family
  nanocore
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Xworm family
  xworm
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

nanocorexwormdiscoveryevasionkeyloggerpersistenceratspywarestealertrojan

behavioral2

nanocorexwormdiscoveryevasionkeyloggerpersistenceratspywarestealertrojan