Extracted

• • Target

    A653D1951B3DE7E0EDE77758187763B0.exe

  • Size

    3.0MB

  • MD5

    a653d1951b3de7e0ede77758187763b0

  • SHA1

    06df3427aa544488543152111f5c5cfc52d41463

  • SHA256

    21f3851df5c3487b850c88275818072eb000857423f72608b0708b53bb3bbf64

  • SHA512

    c8e5bc1284b3349cd81bb8edb85ebd5bb01fe08eb51aad53992a22a045ffae58ea4d7649f60559c9c5adaf71a7bcef4db3359bd54ae8157d9c0f0b9f2b0130ca

  • SSDEEP

    49152:yKcYOh1T3CVOnr9zBVPgxyJbV4cPodKiUIQ+WSqwEQU:yxfrzCVOh9tQcPotU7

  Score

  10^/10

  nanocoredefense_evasiondiscoverykeyloggerspywarestealertrojan

  • NanoCore

    NanoCore is a remote access tool (RAT) with a variety of capabilities.

    keyloggertrojanstealerspywarenanocore

  • Nanocore family

    nanocore

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Checks whether UAC is enabled

    defense_evasiontrojan

  • Legitimate hosting services abused for malware hosting/C2

  behavioral1behavioral2