nanocore | 033b92cfbba3eaa6e37768562c6259a821103691ae077f3cec7327d30abb5dff | Triage

Submit
Reports

Overview

overview

Static

static

5

1ef872652a...in.exe

windows7-x64

1

1ef872652a...in.exe

windows10-2004-x64

Sharing

General

Target

1ef872652a143f17864063628cd4941d.bin.exe
Size

1.4MB
Sample

221130-gvw34sgb31
MD5

1ef872652a143f17864063628cd4941d
SHA1

ec9a67807e415f1ea3f1a612b1ee5a9f6320eddd
SHA256

033b92cfbba3eaa6e37768562c6259a821103691ae077f3cec7327d30abb5dff
SHA512

a441ae68668c8b7d309b4baa7a3aab986aa9147daf30c2de4ee7cd6290f0975d8d0e37d1c7a36efd531ae2f910edd361e07ab5619b59681bc74ef42813a8379f
SSDEEP

24576:ltb20pkaCqT5TBWgNQ7aIDiHm4YENPFLkDnPWySnmQ5L78hVM6A:WVg5tQ7aID0m4YM9KeySnR5L795

Score

10^/10

nanocore evasion keylogger persistence spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

1ef872652a143f17864063628cd4941d.bin.exe

Resource

win7-20220812-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral2

Sample

1ef872652a143f17864063628cd4941d.bin.exe

Resource

win10v2004-20220812-en

nanocore evasion keylogger persistence spyware stealer trojan

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  1ef872652a143f17864063628cd4941d.bin.exe
- Size
  
  1.4MB
- MD5
  
  1ef872652a143f17864063628cd4941d
- SHA1
  
  ec9a67807e415f1ea3f1a612b1ee5a9f6320eddd
- SHA256
  
  033b92cfbba3eaa6e37768562c6259a821103691ae077f3cec7327d30abb5dff
- SHA512
  
  a441ae68668c8b7d309b4baa7a3aab986aa9147daf30c2de4ee7cd6290f0975d8d0e37d1c7a36efd531ae2f910edd361e07ab5619b59681bc74ef42813a8379f
- SSDEEP
  
  24576:ltb20pkaCqT5TBWgNQ7aIDiHm4YENPFLkDnPWySnmQ5L78hVM6A:WVg5tQ7aID0m4YM9KeySnR5L795
Score

10^/10

nanocore evasion keylogger persistence spyware stealer trojan
- NanoCore
  NanoCore is a remote access tool (RAT) with a variety of capabilities.
  keylogger trojan stealer spyware nanocore
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

nanocoreevasionkeyloggerpersistencespywarestealertrojan

© 2018-2024

Terms | Privacy