nanocore | f71d31d7f52213968b198b50066d8917142d1a3c01a744b5695f4f8b3e1a0c5c | Triage

Sharing

General

Target

f71d31d7f52213968b198b50066d8917142d1a3c01a744b5695f4f8b3e1a0c5c
Size

265KB
Sample

221123-syylwsce85
MD5

35b9c207ff1f82fe7bd44a0fdf80f7af
SHA1

8dc8fb01d24cbc68ddc3b432fe3f7656414333b3
SHA256

f71d31d7f52213968b198b50066d8917142d1a3c01a744b5695f4f8b3e1a0c5c
SHA512

316fdd87f6a6119128baa0d2a35d66618b1fc8d537b1416ba6661b4d5ab01d68c17b01ea292ac6cc6043533af4bdae81dc1d215e0bc38b400f7f37b398367ec8
SSDEEP

6144:4wX1gfiDR6LE1ueMZ02f5BismR0nCk0Lg1uoPqN6wHr4nO/d5qG:g6N6LkuDT5BinR0nuLmnqNRHz4G

Score

10^/10

nanocore evasion keylogger persistence spyware stealer trojan

Malware Config

Targets

- Target
  
  f71d31d7f52213968b198b50066d8917142d1a3c01a744b5695f4f8b3e1a0c5c
- Size
  
  265KB
- MD5
  
  35b9c207ff1f82fe7bd44a0fdf80f7af
- SHA1
  
  8dc8fb01d24cbc68ddc3b432fe3f7656414333b3
- SHA256
  
  f71d31d7f52213968b198b50066d8917142d1a3c01a744b5695f4f8b3e1a0c5c
- SHA512
  
  316fdd87f6a6119128baa0d2a35d66618b1fc8d537b1416ba6661b4d5ab01d68c17b01ea292ac6cc6043533af4bdae81dc1d215e0bc38b400f7f37b398367ec8
- SSDEEP
  
  6144:4wX1gfiDR6LE1ueMZ02f5BismR0nCk0Lg1uoPqN6wHr4nO/d5qG:g6N6LkuDT5BinR0nuLmnqNRHz4G
Score

10^/10

nanocore evasion keylogger persistence spyware stealer trojan
- NanoCore
  NanoCore is a remote access tool (RAT) with a variety of capabilities.
  keylogger trojan stealer spyware nanocore
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

nanocoreevasionkeyloggerpersistencespywarestealertrojan

behavioral2

nanocoreevasionkeyloggerpersistencespywarestealertrojan