Extracted

• • Target

    4ff402a5d41e20740c3bca70bd0cdefa0a02e3e2c59772df79d6c773ab6cd2d6.exe

  • Size

    279KB

  • MD5

    55972f7d15273da7566f4f2b1a64200d

  • SHA1

    3747c59123adf4f9cb1225fb2180a77166b13437

  • SHA256

    4ff402a5d41e20740c3bca70bd0cdefa0a02e3e2c59772df79d6c773ab6cd2d6

  • SHA512

    3b3bd465d8a98205a788ec298a5a3d1c0bb3665b10200534d2e2490ac5a9d0709b0a574cc7afea4a04cbdac111f92f18f68cc0bac42381a251652acd90ced25d

  • SSDEEP

    6144:boy5p178U0MURaGyNXYWQzHazRfXrwSRnWwhrQ66fQ:boSeGUA5YZazpXUmZhZ6o

  Score

  10^/10

  discoverypersistencenanocoreevasionkeyloggerspywarestealertrojan

  • NanoCore

    NanoCore is a remote access tool (RAT) with a variety of capabilities.

    keyloggertrojanstealerspywarenanocore

  • Nanocore family

    nanocore

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Checks whether UAC is enabled

    evasiontrojan

  • Suspicious use of SetThreadContext

  behavioral1behavioral2