nanocore | 2566f959d6a3c6ae95c894dc9001f2e9987975025110cface20e21f1a12a0b79 | Triage

Sharing

General

Target

2566f959d6a3c6ae95c894dc9001f2e9987975025110cface20e21f1a12a0b79
Size

158KB
Sample

221123-lpedbsfc9s
MD5

5a74edd1b66b301fa53daf8290a22df4
SHA1

e80019e093b9ca08d7cb6dbe1b5d73c7ff133924
SHA256

2566f959d6a3c6ae95c894dc9001f2e9987975025110cface20e21f1a12a0b79
SHA512

f15a6953f9fd110838ff37c7b68d5803c70f85499bf0c2905580ba4133a74c1821c51cc743ac512bd7c45d1bb80b878319ee6919dee864989e3aa1da6813fd75
SSDEEP

3072:S5Pto80z+vFMCnOzS9FL9sGR2uRyR7QPMtdVfuDZmXUv/KEs4aYRqfE2:SM80mniiLU7QPerfuDZ3vyeRqf

Score

10^/10

nanocore evasion keylogger persistence spyware stealer trojan

Malware Config

Targets

- Target
  
  2566f959d6a3c6ae95c894dc9001f2e9987975025110cface20e21f1a12a0b79
- Size
  
  158KB
- MD5
  
  5a74edd1b66b301fa53daf8290a22df4
- SHA1
  
  e80019e093b9ca08d7cb6dbe1b5d73c7ff133924
- SHA256
  
  2566f959d6a3c6ae95c894dc9001f2e9987975025110cface20e21f1a12a0b79
- SHA512
  
  f15a6953f9fd110838ff37c7b68d5803c70f85499bf0c2905580ba4133a74c1821c51cc743ac512bd7c45d1bb80b878319ee6919dee864989e3aa1da6813fd75
- SSDEEP
  
  3072:S5Pto80z+vFMCnOzS9FL9sGR2uRyR7QPMtdVfuDZmXUv/KEs4aYRqfE2:SM80mniiLU7QPerfuDZ3vyeRqf
Score

10^/10

nanocore evasion keylogger persistence spyware stealer trojan
- NanoCore
  NanoCore is a remote access tool (RAT) with a variety of capabilities.
  keylogger trojan stealer spyware nanocore
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

nanocoreevasionkeyloggerpersistencespywarestealertrojan

behavioral2

nanocoreevasionkeyloggerpersistencespywarestealertrojan