nanocore | e498b7a3b8c47519121d0f94bca46d9d4f4611a348377a1070cad78745e4f1b2 | Triage

Sharing

General

Target

e498b7a3b8c47519121d0f94bca46d9d4f4611a348377a1070cad78745e4f1b2
Size

41.3MB
Sample

221024-jqw9esfeam
MD5

89556175fd38967e0cd5ff64c6ac46e3
SHA1

0ac8d346e0d28462b79523624e9a79ff3f4b44f6
SHA256

e498b7a3b8c47519121d0f94bca46d9d4f4611a348377a1070cad78745e4f1b2
SHA512

9bd2995c7cdbcf959f27397251c7ca7ee85f1ed8b446b5b1ba161a745588e3987883aca805ea4f4bea06d5a2bd944d97437c8676362547356afa1698e2cd39d7
SSDEEP

393216:rmkZWV+fhjq9sPDvYf3RrkcRXE/MgIRrkcRXE/Mg72Dve:rJZWIFDvs4XY4XUDW

Score

10^/10

nanocore keylogger persistence spyware stealer trojan

Malware Config

Targets

- Target
  
  Setup.exe
- Size
  
  21.0MB
- MD5
  
  8d2c812110771a601b50c35fc8566deb
- SHA1
  
  93d2c215490b9abc362e17a4bab459675828b9e4
- SHA256
  
  29dac6dc31f1359a11ebc13f86797b40f8d0c98f5f5a044541479926b37391f2
- SHA512
  
  2549842a0ed61d71e91e9e46e0ef7b2b629a059dd72c969a2a5236dd164c457bfb012efc410a41d5c88c1424d7205096fbba55f67826ae8884462b25f20177c0
- SSDEEP
  
  12288:LaWzgMg7v3qnCiMErQohh0F4CCJ8lny/QySARMgp77:+aHMv6Corjqny/QyxKe7
Score

10^/10

nanocore keylogger spyware stealer trojan persistence
- NanoCore
  NanoCore is a remote access tool (RAT) with a variety of capabilities.
  keylogger trojan stealer spyware nanocore
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  cracked dll/amtlib.dll
- Size
  
  1.7MB
- MD5
  
  69a95e60a3231cf5ff6715a32e98aa17
- SHA1
  
  95998a498a8aa91c4cf7ccb23fc5cfec526e82fd
- SHA256
  
  e560e1b25778fa669d8d4960e2a6a847cd0a4aa5d1042527f1a4998891b37d5f
- SHA512
  
  a248b203bacb0c4ecaab2ad8961103b5115c6195e62000e6ec1a531d142c2a58cd8135d5789442b37634e51cfd15734f2049372ebfe870ad9575da2a792dcec6
- SSDEEP
  
  49152:pCWDqQIXuvGZsenvmuhrj/oOqja4LT3Ibdycl7xtGsu7W:EZsevmuZQOqm4gTl7xtP
Score

3^/10
behavioral3 behavioral4
- Target
  
  dll data/BRD.dll
- Size
  
  105KB
- MD5
  
  4d25c6ffe68dd2f767444c4a68243171
- SHA1
  
  71390b13ed224223a978853a6dc052acbd71e495
- SHA256
  
  4a3e883249c4e6514987a0b21433548f7bda8bf419b9e9896792ecd8929cb8f4
- SHA512
  
  6ab3cad97a099694d86bd5d7fcfd5ffeb94a516613b82b9d612e3df8e0e5a4fbb03f239eaec72133a63cf86b9aa3022a3ddd02365a9e65f9084614ba9e7cc79e
- SSDEEP
  
  3072:wVufqMC3mgTsiRUqYgOx0u4Ha+Oat7M/5:g9mgTsiaqYgOx0uLS7Mh
Score

5^/10
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral5 behavioral6
- Target
  
  dll data/DTCommonRes.dll
- Size
  
  5.5MB
- MD5
  
  5db21e39400f807d2ae7047c57dd0cec
- SHA1
  
  9e65377522c06482b376e8c17be5822b357c5bb5
- SHA256
  
  6b216cbf7e4d01d49e3ccb2b48aa7758cbecef064dbff1ecbff2e674bbb6208a
- SHA512
  
  3e5fc38ae87baed136f41fa652494975a0cee1caf3a818927515e346015dbcbf2128ba58bb2a8484019398d5796fc66691e48f8268a7a6dae14224e2f85edf95
- SSDEEP
  
  98304:N7bmxVSpxCE6SGAUw8xuikmi0Xso9Gbmv43HI+uFFFdaFFFd1CuU4202Lh2Eb22z:VbmxVwYkWCbmv4Y+uFFFsFFFOuU4202j
Score

5^/10
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral7 behavioral8
- Target
  
  resources/PIM.dll
- Size
  
  1.1MB
- MD5
  
  8a8d943c793fe03b7fc5d7b7119a966c
- SHA1
  
  1cb156d3eccec109b049bfe3acc815091080c62e
- SHA256
  
  48140a6d158c3da0e42bd745405360917241c5d52c779d97501e218c205042fa
- SHA512
  
  8de627fb8220c3e03879b7fb97ee829d87a73da6e3b05059d657848452410c5524d19553b1533cbb42410aa6835c1fc665140f6394577eb75c94e6327fddd640
- SSDEEP
  
  24576:2vHs74ORv0WoUvDvdpEoV4eta7QMFH8PqLirMAY1Y7z5wkIhDhTAZ4VU:qs74W0ADvYNnFOx5ChFTAZyU
Score

3^/10
behavioral9 behavioral10
- Target
  
  resources/updaterinventory.dll
- Size
  
  390KB
- MD5
  
  67833490c932595c1d43e4ff6af8032a
- SHA1
  
  63b51d67b5bf352612b4e6becf8baea6f6f63bf8
- SHA256
  
  25df5b89e67dff662889f4cb971ed187a5edd79cb17078034b194f7102d28a85
- SHA512
  
  2a99d2cd919a4623e6a37bfd1fe409986fc5f048abe5176037657ba58d536c14fddb80f411faf145e4defcaf48f828f346faff059dd0962e8dce0fcd674619ff
- SSDEEP
  
  12288:HEWx47pu9X6K0PtT0HOfwqevSvdvmvmNb1NPFb:kWUpu9KJtT0HOfwGNb1Tb
Score

3^/10
behavioral11 behavioral12

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

nanocorekeyloggerspywarestealertrojan

behavioral2

nanocorekeyloggerpersistencespywarestealertrojan

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12