nanocore | ee0c29240de5aace777301d74b57e47283068d302535c5512a8e2b21314cd6b8 | Triage

Sharing

General

Target

ee0c29240de5aace777301d74b57e47283068d302535c5512a8e2b21314cd6b8
Size

1.2MB
Sample

220521-pd2k9sacgp
MD5

3029d6ac392a3a3ce74048c998e452f1
SHA1

80f77c73da1854ccc0da087fc6ea1f95e0963e05
SHA256

ee0c29240de5aace777301d74b57e47283068d302535c5512a8e2b21314cd6b8
SHA512

8ecef7a6298469f8cfe14f767396ab98ed392f5b77c149c29d15539cf3983070cb56b3a40c5e8db8b3d6794e982635017e6306abd88bcb9ece32cfdf8179f261

Score

10^/10

nanocore keylogger persistence spyware stealer trojan

Malware Config

Targets

- Target
  
  PO_INV90.EXE
- Size
  
  366KB
- MD5
  
  0918ec31c64c03a628951b52d6f8fb10
- SHA1
  
  21c87c032464ffeb5c73dfc7899da4a16a8a4ff0
- SHA256
  
  adb1948d6b4d965ee35ea8107b1128a9075d3548b61a72cfb35d0893d1f4ffaf
- SHA512
  
  7a049054b8ec57c90ea749c96c4a9f0bc5ac69fbac8516453df58cebdc95261e9bd80f4b00c66f13c87fbc6a8397870a83d4063bdf47b07465744152df38feb3
Score

10^/10

persistence nanocore keylogger spyware stealer trojan
- NanoCore
  NanoCore is a remote access tool (RAT) with a variety of capabilities.
  keylogger trojan stealer spyware nanocore
- Adds Run key to start application
  persistence
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

nanocorekeyloggerpersistencespywarestealertrojan