nanocore | 3bb2c9c9812f35fa3d3e65b21d0e5a1ec441a7b7dc8d0ed9123fa9f72680686a | Triage

Sharing

General

Target

3bb2c9c9812f35fa3d3e65b21d0e5a1ec441a7b7dc8d0ed9123fa9f72680686a
Size

492KB
Sample

220703-lypwesedcq
MD5

46caeaf0925af58c885c33786d96378f
SHA1

c67f333320451d118cebdd35614f5a013c44fefc
SHA256

3bb2c9c9812f35fa3d3e65b21d0e5a1ec441a7b7dc8d0ed9123fa9f72680686a
SHA512

1c388197e6370bc098e0ea15a3453f51766c6864823190ba5d87764cf97912ccc30319f5fd11125d2553b1007253a0357ae15ac120e990f12e2581250f617793

Score

10^/10

nanocore evasion keylogger persistence spyware stealer trojan

Malware Config

Targets

- Target
  
  3bb2c9c9812f35fa3d3e65b21d0e5a1ec441a7b7dc8d0ed9123fa9f72680686a
- Size
  
  492KB
- MD5
  
  46caeaf0925af58c885c33786d96378f
- SHA1
  
  c67f333320451d118cebdd35614f5a013c44fefc
- SHA256
  
  3bb2c9c9812f35fa3d3e65b21d0e5a1ec441a7b7dc8d0ed9123fa9f72680686a
- SHA512
  
  1c388197e6370bc098e0ea15a3453f51766c6864823190ba5d87764cf97912ccc30319f5fd11125d2553b1007253a0357ae15ac120e990f12e2581250f617793
Score

10^/10

nanocore evasion keylogger persistence spyware stealer trojan
- NanoCore
  NanoCore is a remote access tool (RAT) with a variety of capabilities.
  keylogger trojan stealer spyware nanocore
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

nanocoreevasionkeyloggerpersistencespywarestealertrojan

behavioral2

nanocoreevasionkeyloggerpersistencespywarestealertrojan