nanocore | 3ccb4fad4406aeb989360699af86ed13a3208489b9ef8cdad6a72cd697c07d8d | Triage

Sharing

General

Target

3ccb4fad4406aeb989360699af86ed13a3208489b9ef8cdad6a72cd697c07d8d
Size

510KB
Sample

220703-fzbgjaada7
MD5

957e18954ed0fbd41b63599b2372341c
SHA1

cea205fbe852c0f66293fa384c485001166df44e
SHA256

3ccb4fad4406aeb989360699af86ed13a3208489b9ef8cdad6a72cd697c07d8d
SHA512

48718bcbb4883561df6eb196df6a19c0873dfc3e994cc41e14238e246ed90d0671da8cc82f2c155842e003d17ec2e95a335ee3876614786672b253f15214c5b8

Score

10^/10

nanocore evasion keylogger persistence spyware stealer trojan

Malware Config

Targets

- Target
  
  3ccb4fad4406aeb989360699af86ed13a3208489b9ef8cdad6a72cd697c07d8d
- Size
  
  510KB
- MD5
  
  957e18954ed0fbd41b63599b2372341c
- SHA1
  
  cea205fbe852c0f66293fa384c485001166df44e
- SHA256
  
  3ccb4fad4406aeb989360699af86ed13a3208489b9ef8cdad6a72cd697c07d8d
- SHA512
  
  48718bcbb4883561df6eb196df6a19c0873dfc3e994cc41e14238e246ed90d0671da8cc82f2c155842e003d17ec2e95a335ee3876614786672b253f15214c5b8
Score

10^/10

nanocore evasion keylogger persistence spyware stealer trojan
- NanoCore
  NanoCore is a remote access tool (RAT) with a variety of capabilities.
  keylogger trojan stealer spyware nanocore
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

nanocoreevasionkeyloggerpersistencespywarestealertrojan

behavioral2

nanocoreevasionkeyloggerpersistencespywarestealertrojan