nanocore | 52fb1477e2d71dff42133c11044cd165757bc12772c1192ddae8f85badaa202f | Triage

Sharing

General

Target

52fb1477e2d71dff42133c11044cd165757bc12772c1192ddae8f85badaa202f
Size

622KB
Sample

221124-fxtv4aed4y
MD5

5b6299400473432ed849b39c91682807
SHA1

093fc422d89166513ad97a0c8297a203914295c5
SHA256

52fb1477e2d71dff42133c11044cd165757bc12772c1192ddae8f85badaa202f
SHA512

c9bf23d292dcbf63d61726710158f0c115451e0f656a8971843954f30674445e4236ef4b9ccd12807771ad1140efe461995de7e2431bdc6acfcf03cf0f2a8607
SSDEEP

12288:m1fJX1AUIYm9ROG1KzVI7QAAVb8fUq33:m5l1AU89o2UqQrVU3

Score

10^/10

nanocore keylogger persistence spyware stealer trojan

Malware Config

Targets

- Target
  
  52fb1477e2d71dff42133c11044cd165757bc12772c1192ddae8f85badaa202f
- Size
  
  622KB
- MD5
  
  5b6299400473432ed849b39c91682807
- SHA1
  
  093fc422d89166513ad97a0c8297a203914295c5
- SHA256
  
  52fb1477e2d71dff42133c11044cd165757bc12772c1192ddae8f85badaa202f
- SHA512
  
  c9bf23d292dcbf63d61726710158f0c115451e0f656a8971843954f30674445e4236ef4b9ccd12807771ad1140efe461995de7e2431bdc6acfcf03cf0f2a8607
- SSDEEP
  
  12288:m1fJX1AUIYm9ROG1KzVI7QAAVb8fUq33:m5l1AU89o2UqQrVU3
Score

10^/10

nanocore keylogger persistence spyware stealer trojan
- Modifies WinLogon for persistence
  persistence
- NanoCore
  NanoCore is a remote access tool (RAT) with a variety of capabilities.
  keylogger trojan stealer spyware nanocore
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Winlogon Helper DLL

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

nanocorekeyloggerpersistencespywarestealertrojan

behavioral2