nanocore | 0aa169d92500c4aa835575cc17bfc48d24c38aec2335906efeb7dea7ee738eec | Triage

Sharing

General

Target

0aa169d92500c4aa835575cc17bfc48d24c38aec2335906efeb7dea7ee738eec
Size

1.1MB
Sample

221123-l22dmach52
MD5

b98f7cc3cb959e27037722baa8c65e49
SHA1

059a349af476f11733090f897f991e826d4d62c4
SHA256

0aa169d92500c4aa835575cc17bfc48d24c38aec2335906efeb7dea7ee738eec
SHA512

14e61eb0c811728e4b9569fe624b01641a7d056469fdee7bd04c295dc917be2310f3ac4f415a28eb0175ac19c5dc31719471f3bea22e28a98ebfb30c56f431c5
SSDEEP

24576:/4lavt0LkLL9IMixoEgea9DnMNtSmESivq9MmCS:6kwkn9IMHea9DnMSmEvaPCS

Score

10^/10

nanocore evasion keylogger persistence spyware stealer trojan

Malware Config

Targets

- Target
  
  0aa169d92500c4aa835575cc17bfc48d24c38aec2335906efeb7dea7ee738eec
- Size
  
  1.1MB
- MD5
  
  b98f7cc3cb959e27037722baa8c65e49
- SHA1
  
  059a349af476f11733090f897f991e826d4d62c4
- SHA256
  
  0aa169d92500c4aa835575cc17bfc48d24c38aec2335906efeb7dea7ee738eec
- SHA512
  
  14e61eb0c811728e4b9569fe624b01641a7d056469fdee7bd04c295dc917be2310f3ac4f415a28eb0175ac19c5dc31719471f3bea22e28a98ebfb30c56f431c5
- SSDEEP
  
  24576:/4lavt0LkLL9IMixoEgea9DnMNtSmESivq9MmCS:6kwkn9IMHea9DnMSmEvaPCS
Score

10^/10

nanocore evasion keylogger persistence spyware stealer trojan
- NanoCore
  NanoCore is a remote access tool (RAT) with a variety of capabilities.
  keylogger trojan stealer spyware nanocore
- UAC bypass
  evasion trojan
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Bypass User Account Control

Scheduled Task

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

nanocoreevasionkeyloggerpersistencespywarestealertrojan

behavioral2

nanocoreevasionkeyloggerpersistencespywarestealertrojan