nanocore | 005c64147fc04f24b4df3c60be59a4bbfb22066323d269cf10151f25b9a6209a | Triage

Submit
Reports

Overview

overview

Static

static

5

005c64147f...26.exe

windows7-x64

005c64147f...26.exe

windows10-2004-x64

Sharing

General

Target

005c64147fc04f24b4df3c60be59a4bbfb22066323d26.exe
Size

1.1MB
Sample

240708-kpajps1ern
MD5

a59f1027a13f0927dddbbd19750af958
SHA1

778c3ec611c576277e163a5c8d34bc4109e76720
SHA256

005c64147fc04f24b4df3c60be59a4bbfb22066323d269cf10151f25b9a6209a
SHA512

b8bf115d6f8225aa3d7e581dd09dba95a0bb88484ef0b5ae01f1e8f58ffe68184bb0953edf443714baf351fb5702db9f7664ad803a5b79b175d2049073b5be75
SSDEEP

24576:YAHnh+eWsN3skA4RV1Hom2KXcmtcOOg3/TUgj5:fh+ZkldoPKsacOHr

Score

10^/10

nanocore keylogger spyware stealer trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

005c64147fc04f24b4df3c60be59a4bbfb22066323d26.exe

Resource

win7-20240705-en

nanocore keylogger spyware stealer trojan

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

005c64147fc04f24b4df3c60be59a4bbfb22066323d26.exe

Resource

win10v2004-20240704-en

nanocore keylogger spyware stealer trojan

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

nanocore

Version

1.2.2.0

C2

indialongvenomminister01connection.myddns.rocks:54980

127.0.0.1:54980

Mutex

58756871-e9e1-493e-a6ce-7f49581f1d4d

Attributes

activate_away_mode
true
backup_connection_host
127.0.0.1
backup_dns_server
8.8.4.4
buffer_size
65535
build_time
2024-03-15T14:21:19.534906136Z
bypass_user_account_control
true
bypass_user_account_control_data
clear_access_control
true
clear_zone_identifier
false
connect_delay
4000
connection_port
54980
default_group
IndiaHanger
enable_debug_mode
true
gc_threshold
1.048576e+07
keep_alive_timeout
30000
keyboard_logging
false
lan_timeout
2500
max_packet_size
1.048576e+07
mutex
58756871-e9e1-493e-a6ce-7f49581f1d4d
mutex_timeout
5000
prevent_system_sleep
false
primary_connection_host
indialongvenomminister01connection.myddns.rocks
primary_dns_server
8.8.8.8
request_elevation
true
restart_delay
5000
run_delay
0
run_on_startup
true
set_critical_process
true
timeout_interval
5000
use_custom_dns_server
false
version
1.2.2.0
wan_timeout
8000

Targets

- Target
  
  005c64147fc04f24b4df3c60be59a4bbfb22066323d26.exe
- Size
  
  1.1MB
- MD5
  
  a59f1027a13f0927dddbbd19750af958
- SHA1
  
  778c3ec611c576277e163a5c8d34bc4109e76720
- SHA256
  
  005c64147fc04f24b4df3c60be59a4bbfb22066323d269cf10151f25b9a6209a
- SHA512
  
  b8bf115d6f8225aa3d7e581dd09dba95a0bb88484ef0b5ae01f1e8f58ffe68184bb0953edf443714baf351fb5702db9f7664ad803a5b79b175d2049073b5be75
- SSDEEP
  
  24576:YAHnh+eWsN3skA4RV1Hom2KXcmtcOOg3/TUgj5:fh+ZkldoPKsacOHr
Score

10^/10

nanocore keylogger spyware stealer trojan
- NanoCore
  NanoCore is a remote access tool (RAT) with a variety of capabilities.
  keylogger trojan stealer spyware nanocore
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

nanocorekeyloggerspywarestealertrojan

behavioral2

nanocorekeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy