nanocore | 0d8c51fc1cc16a6c0d77a9feccc4b0bc7f18377aaa5e7c4e6c8741d9674d781e | Triage

Sharing

General

Target

0D8C51FC1CC16A6C0D77A9FECCC4B0BC7F18377AAA5E7.exe
Size

536KB
Sample

221025-rht34ache7
MD5

a9f23395bd643b05119ea942c60332f4
SHA1

2b66c37fde67e8183486bcb83f2da603bb552dde
SHA256

0d8c51fc1cc16a6c0d77a9feccc4b0bc7f18377aaa5e7c4e6c8741d9674d781e
SHA512

22a383e10021f641cfcea23fc6f4c3dcf5d0dc8afa6193077be2a6de419ca6de7ac86565d1cece2c2539293de58b1e00b707e3e49c8cf536790698a0f086a226
SSDEEP

12288:5p/5WHwOiMPGyPDKNgJmDSQOTpVx4szLJ:PJOBQXD6mG

Score

10^/10

nanocore agilenet evasion keylogger persistence spyware stealer trojan

Malware Config

Targets

- Target
  
  0D8C51FC1CC16A6C0D77A9FECCC4B0BC7F18377AAA5E7.exe
- Size
  
  536KB
- MD5
  
  a9f23395bd643b05119ea942c60332f4
- SHA1
  
  2b66c37fde67e8183486bcb83f2da603bb552dde
- SHA256
  
  0d8c51fc1cc16a6c0d77a9feccc4b0bc7f18377aaa5e7c4e6c8741d9674d781e
- SHA512
  
  22a383e10021f641cfcea23fc6f4c3dcf5d0dc8afa6193077be2a6de419ca6de7ac86565d1cece2c2539293de58b1e00b707e3e49c8cf536790698a0f086a226
- SSDEEP
  
  12288:5p/5WHwOiMPGyPDKNgJmDSQOTpVx4szLJ:PJOBQXD6mG
Score

10^/10

nanocore agilenet evasion keylogger persistence spyware stealer trojan
- NanoCore
  NanoCore is a remote access tool (RAT) with a variety of capabilities.
  keylogger trojan stealer spyware nanocore
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  agilenet
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

nanocoreagilenetevasionkeyloggerpersistencespywarestealertrojan

behavioral2

nanocoreevasionkeyloggerpersistencespywarestealertrojan