Extracted

• • Target

    60864902ad948db63fe7d04e2d299ace93e989b95cac3ec8db0096b9705f3f4d

  • Size

    416KB

  • MD5

    ad8510ee09068863597c43714c03d458

  • SHA1

    0ef4784eae0fc6ef6dfcec087cace35f32f4fee2

  • SHA256

    60864902ad948db63fe7d04e2d299ace93e989b95cac3ec8db0096b9705f3f4d

  • SHA512

    d9098101eb4f6e83e477465917f56df49792c9790e1f264b8b2aa223e3703a10c1f6c6ae7878f3958d074ee9660acee07185c95937114ba068fdf669ef7678df

  • SSDEEP

    6144:ITNE3ZRrnaBVlvphVxmP+6CiejgcME1cwYfU+va+RUg:ITNYrnE3bm/CiejewY5vl

  Score

  10^/10

  nanocorediscoveryevasionkeyloggerpersistencespywarestealertrojan

  • NanoCore

    NanoCore is a remote access tool (RAT) with a variety of capabilities.

    keyloggertrojanstealerspywarenanocore

  • Nanocore family

    nanocore

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Checks whether UAC is enabled

    evasiontrojan

  • Suspicious use of SetThreadContext

  behavioral1behavioral2