nanocore | 1c55b3c97920d56dddbc38e6ba3c5dcbc7f3072792915b51e146b3dd92b3f392 | Triage

Sharing

General

Target

0e4551b1546fa898c55b2511d9fca86d.exe
Size

853KB
Sample

210118-hf8k8gvw3a
MD5

0e4551b1546fa898c55b2511d9fca86d
SHA1

51a6d274b1283640e248431bd887ef1f170371f9
SHA256

1c55b3c97920d56dddbc38e6ba3c5dcbc7f3072792915b51e146b3dd92b3f392
SHA512

ed09f78fbda757a1e154541c0ef2588bec2e6af6889246dcfaff2fa2ba78169edbcccdc1ada228555abe233d1ab69aa375288452e9cc90d7c502eb322353706a

Score

10^/10

nanocore evasion keylogger persistence spyware stealer trojan

Malware Config

Targets

- Target
  
  0e4551b1546fa898c55b2511d9fca86d.exe
- Size
  
  853KB
- MD5
  
  0e4551b1546fa898c55b2511d9fca86d
- SHA1
  
  51a6d274b1283640e248431bd887ef1f170371f9
- SHA256
  
  1c55b3c97920d56dddbc38e6ba3c5dcbc7f3072792915b51e146b3dd92b3f392
- SHA512
  
  ed09f78fbda757a1e154541c0ef2588bec2e6af6889246dcfaff2fa2ba78169edbcccdc1ada228555abe233d1ab69aa375288452e9cc90d7c502eb322353706a
Score

10^/10

nanocore evasion keylogger persistence spyware stealer trojan
- NanoCore
  NanoCore is a remote access tool (RAT) with a variety of capabilities.
  keylogger trojan stealer spyware nanocore
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

nanocoreevasionkeyloggerpersistencespywarestealertrojan

behavioral2

nanocoreevasionkeyloggerpersistencespywarestealertrojan