nanocore | 3a8a04925d66b89b7cdb459aa6fc33e5132c447efcc541ab86e17b74f64a8287 | Triage

Submit
Reports

Overview

overview

Static

static

c85493fbd8...2d.exe

windows7_x64

c85493fbd8...2d.exe

windows10_x64

Sharing

General

Target

c85493fbd869baf0b92c89a09604562d.exe
Size

710KB
Sample

200731-p6xjsj3v9n
MD5

c85493fbd869baf0b92c89a09604562d
SHA1

c3412e74e5a797d3d087d05fcf7e03c03e960e1a
SHA256

3a8a04925d66b89b7cdb459aa6fc33e5132c447efcc541ab86e17b74f64a8287
SHA512

50626f4376d080c0623a31c7d6a6e567b76afb512415709fda66ea383761ed576245776deb4930b715e74a006492767d26b90c0d40cffd19d55aecbd04aaac82

Score

10^/10

nanocore evasion keylogger spyware stealer trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

c85493fbd869baf0b92c89a09604562d.exe

Resource

win7

upx evasion trojan keylogger stealer spyware nanocore

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

c85493fbd869baf0b92c89a09604562d.exe

Resource

win10v200722

upx evasion trojan keylogger stealer spyware nanocore

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

nanocore

Version

1.2.2.0

C2

ndlovusamkello.hopto.org:3940

185.140.53.132:3940

Mutex

c036ee8d-7b1c-4a45-b399-b74d5de4daa9

Attributes

activate_away_mode
true
backup_connection_host
185.140.53.132
backup_dns_server
8.8.4.4
buffer_size
65535
build_time
2020-05-03T17:26:20.781540536Z
bypass_user_account_control
true
bypass_user_account_control_data
clear_access_control
true
clear_zone_identifier
false
connect_delay
4000
connection_port
3940
default_group
Default
enable_debug_mode
true
gc_threshold
1.048576e+07
keep_alive_timeout
30000
keyboard_logging
false
lan_timeout
2500
max_packet_size
1.048576e+07
mutex
c036ee8d-7b1c-4a45-b399-b74d5de4daa9
mutex_timeout
5000
prevent_system_sleep
false
primary_connection_host
ndlovusamkello.hopto.org
primary_dns_server
8.8.8.8
request_elevation
true
restart_delay
5000
run_delay
0
run_on_startup
true
set_critical_process
true
timeout_interval
5000
use_custom_dns_server
false
version
1.2.2.0
wan_timeout
8000

Targets

- Target
  
  c85493fbd869baf0b92c89a09604562d.exe
- Size
  
  710KB
- MD5
  
  c85493fbd869baf0b92c89a09604562d
- SHA1
  
  c3412e74e5a797d3d087d05fcf7e03c03e960e1a
- SHA256
  
  3a8a04925d66b89b7cdb459aa6fc33e5132c447efcc541ab86e17b74f64a8287
- SHA512
  
  50626f4376d080c0623a31c7d6a6e567b76afb512415709fda66ea383761ed576245776deb4930b715e74a006492767d26b90c0d40cffd19d55aecbd04aaac82
Score

10^/10

upx evasion trojan keylogger stealer spyware nanocore
- NanoCore
  NanoCore is a remote access tool (RAT) with a variety of capabilities.
  keylogger trojan stealer spyware nanocore
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Drops startup file
- Loads dropped DLL
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

upxevasiontrojankeyloggerstealerspywarenanocore

behavioral2

upxevasiontrojankeyloggerstealerspywarenanocore

© 2018-2024

Terms | Privacy