nanocore | 3b3be23bcf96a7ae69c16d1e493b58c600afc17469dfe37ee0986230e458a876 | Triage

Sharing

General

Target

3b3be23bcf96a7ae69c16d1e493b58c600afc17469dfe37ee0986230e458a876
Size

523KB
Sample

220703-vqawzahgaj
MD5

4cd23351cc6d22101b35a277f153254d
SHA1

fde0ef944468ed7ac67301afbd3a817bab2d0c68
SHA256

3b3be23bcf96a7ae69c16d1e493b58c600afc17469dfe37ee0986230e458a876
SHA512

fb086e2d6e50af53141f303a9b413e19994ae552750481f466b897bf8962d749600045ee31d95a03d2cd7b59b7f05780a9a1b580b94f45de51355f8bab09e0c8

Score

10^/10

nanocore evasion keylogger spyware stealer trojan

Malware Config

Targets

- Target
  
  3b3be23bcf96a7ae69c16d1e493b58c600afc17469dfe37ee0986230e458a876
- Size
  
  523KB
- MD5
  
  4cd23351cc6d22101b35a277f153254d
- SHA1
  
  fde0ef944468ed7ac67301afbd3a817bab2d0c68
- SHA256
  
  3b3be23bcf96a7ae69c16d1e493b58c600afc17469dfe37ee0986230e458a876
- SHA512
  
  fb086e2d6e50af53141f303a9b413e19994ae552750481f466b897bf8962d749600045ee31d95a03d2cd7b59b7f05780a9a1b580b94f45de51355f8bab09e0c8
Score

10^/10

nanocore evasion keylogger spyware stealer trojan
- NanoCore
  NanoCore is a remote access tool (RAT) with a variety of capabilities.
  keylogger trojan stealer spyware nanocore
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

nanocoreevasionkeyloggerspywarestealertrojan

behavioral2

nanocoreevasionkeyloggerspywarestealertrojan