nanocore | 3b8aa90ed1f241485bce6c194bb553fcd8dc1e06c94ddc95e5f36dcccdb341be | Triage

Sharing

General

Target

3b8aa90ed1f241485bce6c194bb553fcd8dc1e06c94ddc95e5f36dcccdb341be
Size

484KB
Sample

220703-tlh64sgaem
MD5

124d636100ebd7a0150b180a54536108
SHA1

1961e8a42971d2d40226f9c5bc405e81430d10b0
SHA256

3b8aa90ed1f241485bce6c194bb553fcd8dc1e06c94ddc95e5f36dcccdb341be
SHA512

b55d5380f4d02881838591a15047a42c8da784faf78a0f0aa592d7c9be6aa240bd0c30fc606c018ccec645afdbd05958a0e3e3fc2aebe2edbd7a4b96ce12194f

Score

10^/10

nanocore evasion keylogger persistence spyware stealer trojan

Malware Config

Targets

- Target
  
  3b8aa90ed1f241485bce6c194bb553fcd8dc1e06c94ddc95e5f36dcccdb341be
- Size
  
  484KB
- MD5
  
  124d636100ebd7a0150b180a54536108
- SHA1
  
  1961e8a42971d2d40226f9c5bc405e81430d10b0
- SHA256
  
  3b8aa90ed1f241485bce6c194bb553fcd8dc1e06c94ddc95e5f36dcccdb341be
- SHA512
  
  b55d5380f4d02881838591a15047a42c8da784faf78a0f0aa592d7c9be6aa240bd0c30fc606c018ccec645afdbd05958a0e3e3fc2aebe2edbd7a4b96ce12194f
Score

10^/10

nanocore evasion keylogger persistence spyware stealer trojan
- NanoCore
  NanoCore is a remote access tool (RAT) with a variety of capabilities.
  keylogger trojan stealer spyware nanocore
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

nanocoreevasionkeyloggerpersistencespywarestealertrojan

behavioral2

nanocoreevasionkeyloggerpersistencespywarestealertrojan