nanocore | 3513df7406eef953434f0c75bcdf33c112ee42d6f81edb1928d1e008b691d703 | Triage

Sharing

General

Target

f2651b458654fc1799efe0c9ab71fdbf.exe
Size

956KB
Sample

210118-satbd5a8qx
MD5

f2651b458654fc1799efe0c9ab71fdbf
SHA1

acb40c16a5163ccaa66a5a86084005d696fd590a
SHA256

3513df7406eef953434f0c75bcdf33c112ee42d6f81edb1928d1e008b691d703
SHA512

19e1a21a15391eb6d77248d3bb4d0bc8ce3685b718a674eea627166b59e9edc3be69cc99eae1885c054a5f52eaa3a130383cd3757247b08b544eb97677ce55f2

Score

10^/10

nanocore evasion keylogger persistence spyware stealer trojan

Malware Config

Targets

- Target
  
  f2651b458654fc1799efe0c9ab71fdbf.exe
- Size
  
  956KB
- MD5
  
  f2651b458654fc1799efe0c9ab71fdbf
- SHA1
  
  acb40c16a5163ccaa66a5a86084005d696fd590a
- SHA256
  
  3513df7406eef953434f0c75bcdf33c112ee42d6f81edb1928d1e008b691d703
- SHA512
  
  19e1a21a15391eb6d77248d3bb4d0bc8ce3685b718a674eea627166b59e9edc3be69cc99eae1885c054a5f52eaa3a130383cd3757247b08b544eb97677ce55f2
Score

10^/10

nanocore keylogger spyware stealer trojan evasion persistence
- NanoCore
  NanoCore is a remote access tool (RAT) with a variety of capabilities.
  keylogger trojan stealer spyware nanocore
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

nanocorekeyloggerspywarestealertrojan

behavioral2

nanocoreevasionkeyloggerpersistencespywarestealertrojan