nanocore | 17a2a95dfa55c776ca3851613c0e4cf34dccbc0a13f3f97c749d3d75e5845a48 | Triage

Sharing

General

Target

17a2a95dfa55c776ca3851613c0e4cf34dccbc0a13f3f97c749d3d75e5845a48
Size

143KB
Sample

221021-yt1hksdda8
MD5

917ab8733f840d052d552bb3766fd926
SHA1

bf71e255ec62cc497796e4a030f221407efeece9
SHA256

17a2a95dfa55c776ca3851613c0e4cf34dccbc0a13f3f97c749d3d75e5845a48
SHA512

56f533cb1fafbb647510424d4affd6dbe6725d0350176086db41ab8b51998efeeda2a03b8458e35c7a8aef86177aff7138f732aa89e702ffd9cd1c61f366fcc3
SSDEEP

3072:runHgXqb+ixUyl/Gojn3TQNh71B3JkLrB:Y+Y7njn3Tst3CL

Score

10^/10

nanocore evasion keylogger spyware stealer trojan

Malware Config

Extracted

Family

nanocore

Attributes

Targets

- Target
  
  17a2a95dfa55c776ca3851613c0e4cf34dccbc0a13f3f97c749d3d75e5845a48
- Size
  
  143KB
- MD5
  
  917ab8733f840d052d552bb3766fd926
- SHA1
  
  bf71e255ec62cc497796e4a030f221407efeece9
- SHA256
  
  17a2a95dfa55c776ca3851613c0e4cf34dccbc0a13f3f97c749d3d75e5845a48
- SHA512
  
  56f533cb1fafbb647510424d4affd6dbe6725d0350176086db41ab8b51998efeeda2a03b8458e35c7a8aef86177aff7138f732aa89e702ffd9cd1c61f366fcc3
- SSDEEP
  
  3072:runHgXqb+ixUyl/Gojn3TQNh71B3JkLrB:Y+Y7njn3Tst3CL
Score

10^/10

nanocore evasion keylogger spyware stealer trojan
- NanoCore
  NanoCore is a remote access tool (RAT) with a variety of capabilities.
  keylogger trojan stealer spyware nanocore
- Drops startup file
- Loads dropped DLL
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

nanocoreevasionkeyloggerspywarestealertrojan

behavioral2

nanocoreevasionkeyloggerspywarestealertrojan