MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 782cf5337d8a428867a0ab13d474628b427dbb1164d4449f7e8dc96bdab3c7b1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



NanoCore


Vendor detections: 16



SHA256 hash: 782cf5337d8a428867a0ab13d474628b427dbb1164d4449f7e8dc96bdab3c7b1
SHA3-384 hash: 7df7eaf65fdbed30dbd1b3fbf08d28503e362f9fc5404e2a6a216682cc9b311ac1ba20fbf4b5c47496d05f9afb79d600
SHA1 hash: d7e2f3cca3d7d92eeaccce51734999a734321825
MD5 hash: c7988c8d4e55ad226772a31c158747ab
humanhash: pip-early-zebra-foxtrot
File name: c7988c8d4e55ad226772a31c158747ab.exe
Signature: NanoCore
File size: 872'960 bytes
First seen: 2025-02-23 11:35:15 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744 (48'650 x AgentTesla, 19'462 x Formbook, 12'203 x SnakeKeylogger)
ssdeep: 12288:YlMNMfURnHb+Qv6HNbwVAQXPZPT9VAGgQmLwy67Dq4JgDPEDW78RRVmevBqJC80Z:YZMRHPv6tkVvXxPosEgEozRRVBCMRH
TLSH: T15D05CFD43B21731ECC66C831CAA8DD7596A029797207B6E390DB2B9B764C152DF0CF92
TrID:
  67.7% (.EXE) Generic CIL Executable (.NET, Mono, etc.) (73123/4/13)
  9.7% (.EXE) Win64 Executable (generic) (10522/11/4)
  6.0% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
  4.6% (.EXE) Win16 NE executable (generic) (5038/12/1)
  4.1% (.EXE) Win32 Executable (generic) (4504/4/1)
Magika: pebin
dhash icon: 0cbef2e0e8cc80b0 (5 x SnakeKeylogger, 2 x Formbook, 1 x VIPKeylogger)
Reporter: abuse_ch
Tags: exe NanoCore RAT


abuse_ch
NanoCore C2:
213.152.161.114:43366

Indicators Of Compromise (IOCs)


Below is a list of indicators of compromise (IOCs) associated with this malware sample.

IOC | ThreatFox Reference
213.152.161.114:43366 | https://threatfox.abuse.ch/ioc/1429438/

Intelligence


File Origin
# of uploads: 1
# of downloads: 112
Origin country: US
Vendor Threat Intelligence
Verdict: Malicious
Score: 99.9%
Tags: nanocore asyncrat autorun
Result
Verdict: Malware
Maliciousness:

Behaviour
Creating synchronization primitives
Creating a window
Restart of the analyzed sample
Creating a file
Creating a file in the %AppData% subdirectories
Creating a file in the Program Files subdirectories
Creating a file in the %temp% directory
Launching a process
DNS request
Connection attempt
Sending a custom TCP request
Creating a process from a recently created file
Unauthorized injection to a recently created process
Enabling autorun with the standard Software\Microsoft\Windows\CurrentVersion\Run registry branch
Blocking the User Account Control
Enabling autorun by creating a file
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: crypt keylogger obfuscated obfuscated obfuscated packed packed packer_detected quasarrat
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name: Nanocore
Detection: malicious
Classification: troj.evad
Score: 100 / 100
Signature
.NET source code contains potential unpacker
Antivirus detection for URL or domain
C2 URLs / IPs found in malware configuration
Detected Nanocore Rat
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Found malware configuration
Hides that the sample has been downloaded from the Internet (zone.identifier)
Injects a PE file into a foreign processes
Joe Sandbox ML detected suspicious sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: NanoCore
Sigma detected: Scheduled temp file as task from temp location
Suricata IDS alerts for network traffic
Uses schtasks.exe or at.exe to add and modify task schedules
Yara detected AntiVM3
Yara detected Nanocore RAT
Behaviour
Behavior Graph:
[Behavior graph not reproduced. Graph ID: 1622150; sample: mzdQfsVuNR.exe; start date: 23/02/2025; architecture: WINDOWS; score: 100]
Threat name: ByteCode-MSIL.Trojan.QuasarRAT
Status: Malicious
First seen: 2025-02-20 07:26:42 UTC
File Type: PE (.Net Exe)
Extracted files: 7
AV detection: 28 of 38 (73.68%)
Threat level: 5/5
Result
Malware family:
Score: 10/10
Tags: family:nanocore family:xmrig family:xworm defense_evasion discovery execution keylogger miner persistence rat spyware stealer trojan upx
Behaviour
Enumerates system info in registry
Modifies registry key
Modifies system certificate store
Scheduled Task/Job: Scheduled Task
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious behavior: SetClipboardViewer
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
System Location Discovery: System Language Discovery
Drops file in Program Files directory
Launches sc.exe
Suspicious use of SetThreadContext
UPX packed file
Adds Run key to start application
Checks whether UAC is enabled
Legitimate hosting services abused for malware hosting/C2
Looks up external IP address via web service
Power Settings
Checks BIOS information in registry
Drops startup file
Executes dropped EXE
Loads dropped DLL
Creates new service(s)
Stops running service(s)
XMRig Miner payload
Detect Xworm Payload
NanoCore
Nanocore family
UAC bypass
Xmrig family
Xworm
Xworm family
xmrig
Malware Config
C2 Extraction:
lxtihmjohnson163.airdns.org:43366
tunhost.duckdns.org:57891
wintun.freemyip.com:57891
87.249.134.68:57891
Verdict: Malicious
Tags: external_ip_lookup nanocore c2
YARA: n/a
Unpacked files
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: ach_NanoCore
Author: abuse.ch

Rule name: DebuggerCheck__API
Reference: https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name: DebuggerCheck__QueryInfo
Reference: https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name: malware_Nanocore_strings
Author: JPCERT/CC Incident Response Group
Description: detect Nanocore in memory
Reference: internal research

Rule name: MALWARE_Win_NanoCore
Author: ditekSHen
Description: Detects NanoCore

Rule name: Nanocore
Author: JPCERT/CC Incident Response Group
Description: detect Nanocore in memory
Reference: internal research

Rule name: nanocore_rat
Author: jeFF0Falltrades

Rule name: Nanocore_RAT_Feb18_1
Author: Florian Roth (Nextron Systems)
Description: Detects Nanocore RAT
Reference: Internal Research - T2T

Rule name: Nanocore_RAT_Feb18_1_RID2DF1
Author: Florian Roth
Description: Detects Nanocore RAT
Reference: Internal Research - T2T

Rule name: Nanocore_RAT_Gen_2
Author: Florian Roth (Nextron Systems)
Description: Detetcs the Nanocore RAT
Reference: https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/

Rule name: Nanocore_RAT_Gen_2_RID2D96
Author: Florian Roth
Description: Detetcs the Nanocore RAT
Reference: https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/

Rule name: NET
Author: malware-lu

Rule name: NETexecutableMicrosoft
Author: malware-lu

Rule name: pe_imphash

Rule name: Skystars_Malware_Imphash
Author: Skystars LightDefender
Description: imphash

Rule name: Sus_Obf_Enc_Spoof_Hide_PE
Author: XiAnzheng
Description: Check for Overlay, Obfuscating, Encrypting, Spoofing, Hiding, or Entropy Technique(can create FP)

Rule name: Windows_Trojan_Nanocore_d8c4e3c5
Author: Elastic Security

Rule name: win_nanocore_w0
Author: Kevin Breen <kevin@techanarchy.net>

File information


The table below shows additional information about this malware sample such as delivery method and external references.

BLint


The following table provides more information about this file using BLint. BLint is a binary linter that checks the security properties and capabilities of executables.

Findings
ID | Title | Severity
CHECK_AUTHENTICODE | Missing Authenticode | high
CHECK_DLL_CHARACTERISTICS | Missing dll Security Characteristics (HIGH_ENTROPY_VA) | high
