Extracted

• • Target

    dd247363cacd98f90b41fcb8f2b38b4285ca1cfb7c6285651a3530eee49ed413

  • Size

    1.0MB

  • MD5

    2968f27de9271ec73413429ca7f51d13

  • SHA1

    ab770a39edaa55c267b0a2d850e14121d859f431

  • SHA256

    dd247363cacd98f90b41fcb8f2b38b4285ca1cfb7c6285651a3530eee49ed413

  • SHA512

    f40deed2883e269591f9d6ced0bc641252a23960267c4cc8b6794f222aa11acd1e5c23d3575842dbc1fd9269cb3454cb5be4a9f1ca4ec845f901fffea2e65979

  • SSDEEP

    24576:Jur9gkEPGcHHXYDYDa6naGhywpCjq7jUv7cF6kZ6YriDfZ49p50/O:Ur9gNGKXYD+naGEsBXUv66k8o4yp5wO

  Score

  10^/10

  nanocoredefense_evasiondiscoverykeyloggerspywarestealertrojanupx

  • NanoCore

    NanoCore is a remote access tool (RAT) with a variety of capabilities.

    keyloggertrojanstealerspywarenanocore

  • Nanocore family

    nanocore

  • Drops startup file

  • Checks whether UAC is enabled

    defense_evasiontrojan

  • AutoIT Executable

    AutoIT scripts compiled to PE executables.

  • Suspicious use of SetThreadContext

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2