nanocore | 34915a0eded4e59cfd552ae7724e99584ec58f24b8a562fd90aa6dcb9397a019 | Triage

Sharing

General

Target

07653FD9F64401F9F1696F4782C926F4.exe
Size

1.2MB
Sample

221001-sefa7sgbg2
MD5

07653fd9f64401f9f1696f4782c926f4
SHA1

aed898c8d28306aa28785004252b81144bb73676
SHA256

34915a0eded4e59cfd552ae7724e99584ec58f24b8a562fd90aa6dcb9397a019
SHA512

96178c05a5f78f3c132e9634957194c4d90bde07413ffd086de05ad3b638188132c40f84112949ab31818ffbb578980f99a938990846ec70061d5513732894f0
SSDEEP

24576:wUelzt/bfQ8OBromXFprxo3FFkBuK/qI/nJi6CYyHFBgsnfLum9My3o54TRM+:4xUC8FU3XkBuAdfsYybggfL/Gx

Score

10^/10

nanocore evasion keylogger persistence spyware stealer trojan

Malware Config

Targets

- Target
  
  07653FD9F64401F9F1696F4782C926F4.exe
- Size
  
  1.2MB
- MD5
  
  07653fd9f64401f9f1696f4782c926f4
- SHA1
  
  aed898c8d28306aa28785004252b81144bb73676
- SHA256
  
  34915a0eded4e59cfd552ae7724e99584ec58f24b8a562fd90aa6dcb9397a019
- SHA512
  
  96178c05a5f78f3c132e9634957194c4d90bde07413ffd086de05ad3b638188132c40f84112949ab31818ffbb578980f99a938990846ec70061d5513732894f0
- SSDEEP
  
  24576:wUelzt/bfQ8OBromXFprxo3FFkBuK/qI/nJi6CYyHFBgsnfLum9My3o54TRM+:4xUC8FU3XkBuAdfsYybggfL/Gx
Score

10^/10

nanocore evasion keylogger persistence spyware stealer trojan
- NanoCore
  NanoCore is a remote access tool (RAT) with a variety of capabilities.
  keylogger trojan stealer spyware nanocore
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

nanocoreevasionkeyloggerpersistencespywarestealertrojan

behavioral2

nanocoreevasionkeyloggerpersistencespywarestealertrojan