nanocore | 66277a2940790dc82ed209d3cc1af94ce22735f2eda359fc7fe8383f08c5ca05 | Triage

Sharing

General

Target

66277a2940790dc82ed209d3cc1af94ce22735f2eda359fc7fe8383f08c5ca05.exe
Size

634KB
Sample

221021-cx4hrageer
MD5

eb0ed1d3d1ecdee4d44e4a19a672b549
SHA1

4b29e2c54e9a35ba92e63872e7bce4304789fe4a
SHA256

66277a2940790dc82ed209d3cc1af94ce22735f2eda359fc7fe8383f08c5ca05
SHA512

a17a1f4c45c260ce93c678b21144e2865ab4ebd2b4ccc8e6ddf9f606656ac1162845431d100df4779fbea83a8745fb79231113f6313c1b831625e077c8b998a6
SSDEEP

12288:3bjqjqjfAXzY0lvpAYPcb/6XcClGgoaOo:3bjqjOWUGJCCPlGgoaOo

Score

10^/10

nanocore evasion keylogger persistence spyware stealer trojan

Malware Config

Targets

- Target
  
  66277a2940790dc82ed209d3cc1af94ce22735f2eda359fc7fe8383f08c5ca05.exe
- Size
  
  634KB
- MD5
  
  eb0ed1d3d1ecdee4d44e4a19a672b549
- SHA1
  
  4b29e2c54e9a35ba92e63872e7bce4304789fe4a
- SHA256
  
  66277a2940790dc82ed209d3cc1af94ce22735f2eda359fc7fe8383f08c5ca05
- SHA512
  
  a17a1f4c45c260ce93c678b21144e2865ab4ebd2b4ccc8e6ddf9f606656ac1162845431d100df4779fbea83a8745fb79231113f6313c1b831625e077c8b998a6
- SSDEEP
  
  12288:3bjqjqjfAXzY0lvpAYPcb/6XcClGgoaOo:3bjqjOWUGJCCPlGgoaOo
Score

10^/10

persistence nanocore evasion keylogger spyware stealer trojan
- NanoCore
  NanoCore is a remote access tool (RAT) with a variety of capabilities.
  keylogger trojan stealer spyware nanocore
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

nanocoreevasionkeyloggerpersistencespywarestealertrojan