Extracted

• • Target

    1eb2e41484df26af2c4a3ae6dc12068d4adae5bcbac5632545e0217939deae05

  • Size

    280KB

  • MD5

    3e4842e526abd44d6996fef09b4f9cda

  • SHA1

    5d83cce23e1fb35916842bd8015649f8282d1538

  • SHA256

    1eb2e41484df26af2c4a3ae6dc12068d4adae5bcbac5632545e0217939deae05

  • SHA512

    7317de8f22e3b30f559bd897458723d8f3135bf087339e8963f6a24f245c3638a00df28f36fa3ef03f9f63ae671050d8502c4b5cbc51e05c11f49bfbd3cf65ad

  • SSDEEP

    6144:boy5p178U0MURaGyNXYWQzHazRfXrwSRnWwhrQ66fa9:boSeGUA5YZazpXUmZhZ6i9

  Score

  10^/10

  nanocoredefense_evasiondiscoverykeyloggerpersistencespywarestealertrojan

  • NanoCore

    NanoCore is a remote access tool (RAT) with a variety of capabilities.

    keyloggertrojanstealerspywarenanocore

  • Nanocore family

    nanocore

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Checks whether UAC is enabled

    defense_evasiontrojan

  • Suspicious use of SetThreadContext

  behavioral1behavioral2