nanocore

General

Target

88f91655388ba7e3f8c3ba4df516adecf49ed1462233ba84b4bf5a2361d784ef
Size

372KB
Sample

221123-q2bv7aad9z
MD5

e0a53248959cc237d502045760eab3da
SHA1

f2747b669016607a3b44bb15be395b4d06afca31
SHA256

88f91655388ba7e3f8c3ba4df516adecf49ed1462233ba84b4bf5a2361d784ef
SHA512

ccc48f7c9618939dbf176869bd73798e6ea967a7c12af6750d159dc89dca17714d48e59a0eb2b2bd412eea112f486acb66fea944f98c2fa87ebb9c341cd77a6c
SSDEEP

6144:ciJB3eMyCkgJeNXXr5k5MhPHq+pzQAABAh6Sn0/8163IG3vnpvSd8tnmTx+:hnOMyCqXre5i6AA+c81X8U8tn

Score

10^/10

Malware Config

Targets

- Target
  
  88f91655388ba7e3f8c3ba4df516adecf49ed1462233ba84b4bf5a2361d784ef
- Size
  
  372KB
- MD5
  
  e0a53248959cc237d502045760eab3da
- SHA1
  
  f2747b669016607a3b44bb15be395b4d06afca31
- SHA256
  
  88f91655388ba7e3f8c3ba4df516adecf49ed1462233ba84b4bf5a2361d784ef
- SHA512
  
  ccc48f7c9618939dbf176869bd73798e6ea967a7c12af6750d159dc89dca17714d48e59a0eb2b2bd412eea112f486acb66fea944f98c2fa87ebb9c341cd77a6c
- SSDEEP
  
  6144:ciJB3eMyCkgJeNXXr5k5MhPHq+pzQAABAh6Sn0/8163IG3vnpvSd8tnmTx+:hnOMyCqXre5i6AA+c81X8U8tn
Score

10^/10

nanocore evasion keylogger persistence spyware stealer trojan
- NanoCore
  NanoCore is a remote access tool (RAT) with a variety of capabilities.
  keylogger trojan stealer spyware nanocore
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

3

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Executes dropped EXE

Checks computer location settings

Loads dropped DLL

Adds Run key to start application

Checks whether UAC is enabled

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2