nanocore | b74577a99903aeadc8f89af84b81374e9e1a25562861cf4aff2d8a211cbe68db | Triage

Submit
Reports

Overview

overview

Static

static

1

fart-with-...rb.mp3

windows7-x64

fart-with-...rb.mp3

windows10-2004-x64

8

Sharing

General

Target

fart-with-extra-reverb.mp3
Size

121KB
Sample

250308-tzhshazshx
MD5

56a2f872e5106165bb09f2952c467114
SHA1

a492b74ceb9f5fc5cf4ff26ec96d063bbcb58230
SHA256

b74577a99903aeadc8f89af84b81374e9e1a25562861cf4aff2d8a211cbe68db
SHA512

5deadc5b63296e9224dd7a72b4220f5b47917fb4a31f97863308f78fa9f7f373aebf07850c81e3632de9c5b040cd9c014851e8a978ef44d1df7ec34f7975955f
SSDEEP

3072:2TfH2lqavCLMpbhmO1FBBU4YJjq4ht+lSCtTaAoUAX4:eH2lq/Qbhm6jYJjq43fCtTaAon4

Score

10^/10

nanocore quasar hh not a rat lolloolool defense_evasion discovery execution keylogger spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

fart-with-extra-reverb.mp3

Resource

win7-20240903-en

nanocore quasar hh not a rat lolloolool defense_evasion discovery keylogger spyware stealer trojan

windows7-x64

31 signatures

900 seconds

Behavioral task

behavioral2

Sample

fart-with-extra-reverb.mp3

Resource

win10v2004-20250217-en

discovery execution

windows10-2004-x64

23 signatures

900 seconds

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

NOT A RAT LOLLOOLOOL

C2

127.0.0.1:4782

Mutex

e2fa2f23-b5a1-410d-9a72-2c090526a166

Attributes

encryption_key
BAC051964C78782D889217F5027866F57C238E02
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Windows Anti Virus (not fourbeexnine rat0
subdirectory
SubDir

Extracted

Family

quasar

Version

1.4.1

Botnet

HH

C2

127.0.0.1:4782

Mutex

29e82417-3104-4d6c-8d5e-f1161ddaeb44

Attributes

encryption_key
BAC051964C78782D889217F5027866F57C238E02
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Windows Anti Virus (not fourbeexnine rat0
subdirectory
SubDir

Targets

- Target
  
  fart-with-extra-reverb.mp3
- Size
  
  121KB
- MD5
  
  56a2f872e5106165bb09f2952c467114
- SHA1
  
  a492b74ceb9f5fc5cf4ff26ec96d063bbcb58230
- SHA256
  
  b74577a99903aeadc8f89af84b81374e9e1a25562861cf4aff2d8a211cbe68db
- SHA512
  
  5deadc5b63296e9224dd7a72b4220f5b47917fb4a31f97863308f78fa9f7f373aebf07850c81e3632de9c5b040cd9c014851e8a978ef44d1df7ec34f7975955f
- SSDEEP
  
  3072:2TfH2lqavCLMpbhmO1FBBU4YJjq4ht+lSCtTaAoUAX4:eH2lq/Qbhm6jYJjq43fCtTaAon4
Score

10^/10

nanocore quasar hh not a rat lolloolool defense_evasion discovery keylogger spyware stealer trojan execution
- NanoCore
  NanoCore is a remote access tool (RAT) with a variety of capabilities.
  keylogger trojan stealer spyware nanocore
- Nanocore family
  nanocore
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar family
  quasar
- Quasar payload
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Powershell Invoke Web Request.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
  defense_evasion trojan
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Browser Information Discovery

Peripheral Device Discovery

Query Registry

Remote System Discovery

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

nanocorequasarhhnot a rat lolloolooldefense_evasiondiscoverykeyloggerspywarestealertrojan

behavioral2

discoveryexecution

© 2018-2025

Terms | Privacy