nanocore | b923625cb15dc136aafa2fdb4f60d61ac0ef8bc1916c0f80b274401cc17a9848 | Triage

Sharing

General

Target

Doc-invoice_45679.ace
Size

18KB
Sample

200402-dxgfx1df4s
MD5

3efcfc10c7d4ea126d2709b963e3001b
SHA1

51152669ae33de719f7872ec825930d75b923e26
SHA256

b923625cb15dc136aafa2fdb4f60d61ac0ef8bc1916c0f80b274401cc17a9848
SHA512

1b38d50c392b3f456e2e0f228db13bc1a7f59acd07ef149aaa005a3cf61791484c5a2b7696d4356a19df3f5fd4111b6235ef75c8e2b63a6f590380efdfb6f66d

Score

10^/10

nanocore keylogger persistence spyware stealer trojan

Malware Config

Targets

- Target
  
  Doc-invoice_45679.scr
- Size
  
  48KB
- MD5
  
  8d63a034dc479474b15591c672bc7862
- SHA1
  
  f00bc9067c435c6f3a64b6018d6162b9de3b6e1b
- SHA256
  
  d5e253ecf8fbb46ea6a9e9e194dac2738d6f131d32dbb6105298e51e25f5d396
- SHA512
  
  698ede5fe124e61fd93ecd44fa7011dc8663d9197d81e85380ea9748a32998d68e57b089f495a8a0c3317364c2b7dd3f2eaac7eeb2fea4ee090ffb404b919ae8
Score

10^/10

nanocore keylogger persistence spyware stealer trojan
- NanoCore
  NanoCore is a remote access tool (RAT) with a variety of capabilities.
  keylogger trojan stealer spyware nanocore
- Adds Run key to start application
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

nanocorekeyloggerpersistencespywarestealertrojan

behavioral2

nanocorekeyloggerpersistencespywarestealertrojan