nanocore | 47534a4dd4deb5efd05fa32f8cc49b911832a735f0c1500e5d8de2700690f355 | Triage

Sharing

General

Target

47534a4dd4deb5efd05fa32f8cc49b911832a735f0c1500e5d8de2700690f355
Size

544KB
Sample

221123-rr33cshd36
MD5

05fd0b57f4e2433c6ec515b40a0a9ebe
SHA1

f18e540f9b20349bd431d78533e5ac8a40ae3ea2
SHA256

47534a4dd4deb5efd05fa32f8cc49b911832a735f0c1500e5d8de2700690f355
SHA512

4bc0a0c9fa06dda684621e670cb5f18c055187d3b535fec7955bb571ab7db151c0c60557814a96871eae42b687f3875efd926666edb7876a292bb7096f5687e5
SSDEEP

3072:hqIQi2PAheBsUKTpoUHf0MeaiuVXk6QP9GzeQlufXATUDXxK6JK8v/AkwbiCD/Y9:voAh3TplHfMaBi9GzhurxLNm9K

Score

10^/10

nanocore keylogger persistence spyware stealer trojan

Malware Config

Targets

- Target
  
  47534a4dd4deb5efd05fa32f8cc49b911832a735f0c1500e5d8de2700690f355
- Size
  
  544KB
- MD5
  
  05fd0b57f4e2433c6ec515b40a0a9ebe
- SHA1
  
  f18e540f9b20349bd431d78533e5ac8a40ae3ea2
- SHA256
  
  47534a4dd4deb5efd05fa32f8cc49b911832a735f0c1500e5d8de2700690f355
- SHA512
  
  4bc0a0c9fa06dda684621e670cb5f18c055187d3b535fec7955bb571ab7db151c0c60557814a96871eae42b687f3875efd926666edb7876a292bb7096f5687e5
- SSDEEP
  
  3072:hqIQi2PAheBsUKTpoUHf0MeaiuVXk6QP9GzeQlufXATUDXxK6JK8v/AkwbiCD/Y9:voAh3TplHfMaBi9GzhurxLNm9K
Score

10^/10

nanocore keylogger persistence spyware stealer trojan
- NanoCore
  NanoCore is a remote access tool (RAT) with a variety of capabilities.
  keylogger trojan stealer spyware nanocore
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

nanocorekeyloggerpersistencespywarestealertrojan

behavioral2