nanocore | c0221184319d7bb9d52c8391fc4668d5b6766fa2f86c63c38176a624e7de5e81 | Triage

Sharing

General

Target

c0221184319d7bb9d52c8391fc4668d5b6766fa2f86c63c38176a624e7de5e81
Size

552KB
Sample

221130-wvydhada29
MD5

7c0379e8f9920b96094583589f4b8bbe
SHA1

7bd70ad54fc1701fffcc08041d6a4bbd0364abb0
SHA256

c0221184319d7bb9d52c8391fc4668d5b6766fa2f86c63c38176a624e7de5e81
SHA512

4eadf2321b1257cb9ff23625884bfe0a784eca4984c46c0133a2f4f265aca17c35beac089c9c61312aff98f552227f1c0c515004c26353da17215028863537a2
SSDEEP

12288:l5mhXuIMRurulFKDI76w28WqP0Ww+vQZ5cHW:Q+IMRuSJ76iP0Ww+IvcHW

Score

10^/10

nanocore evasion keylogger persistence spyware stealer trojan

Malware Config

Targets

- Target
  
  c0221184319d7bb9d52c8391fc4668d5b6766fa2f86c63c38176a624e7de5e81
- Size
  
  552KB
- MD5
  
  7c0379e8f9920b96094583589f4b8bbe
- SHA1
  
  7bd70ad54fc1701fffcc08041d6a4bbd0364abb0
- SHA256
  
  c0221184319d7bb9d52c8391fc4668d5b6766fa2f86c63c38176a624e7de5e81
- SHA512
  
  4eadf2321b1257cb9ff23625884bfe0a784eca4984c46c0133a2f4f265aca17c35beac089c9c61312aff98f552227f1c0c515004c26353da17215028863537a2
- SSDEEP
  
  12288:l5mhXuIMRurulFKDI76w28WqP0Ww+vQZ5cHW:Q+IMRuSJ76iP0Ww+IvcHW
Score

10^/10

nanocore evasion keylogger persistence spyware stealer trojan
- NanoCore
  NanoCore is a remote access tool (RAT) with a variety of capabilities.
  keylogger trojan stealer spyware nanocore
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

nanocoreevasionkeyloggerpersistencespywarestealertrojan

behavioral2

nanocoreevasionkeyloggerpersistencespywarestealertrojan