nanocore

General

Target

NanoCore 1.2.2.0_Fixed_Cracked By Alcatraz3222.zip
Size

10.1MB
Sample

230325-1sq9maee37
MD5

1333e9bdcacf242b919d892883e8562a
SHA1

457dad60c79fdc637e2ba53c6a993ae48073d0a8
SHA256

517f321c489f68449571c735e9c1cbae5d3241a6872972b687be97d2b5d04903
SHA512

7d64aec16605e82e865bb48d87ab6d8eae815ed2aaa836b5fb817d3220ad0ebb9f564148ab23b374bbc268f404765f2cd99e53859fe27d73f73b66616317e5ff
SSDEEP

196608:uwAF2RqmtB/JR7WXFvDfZEdy5DoyRc8HIDftjc5e6sajAwkr+T58FezFc0J:uwAgLBOFLfZEdwoyRLoDa5zN4izF3

Score

10^/10

Malware Config

Targets

- Target
  
  NanoCore 1.2.2.0_Fixed_Cracked By Alcatraz3222/NanoCorex.exe
- Size
  
  5.5MB
- MD5
  
  86e969198fa021717306f6e1fa91f548
- SHA1
  
  8ff9dc70c623824f91c75af4a4a57b62cea0f0b3
- SHA256
  
  5d66f49d642c092195beca3500408edd09409fefc65284ec3f69a8454dc3dfa7
- SHA512
  
  36d9d1a468575aa2a76c486a61fa430eae095f5ec24c75915523b758339d00844b5695665101740cce1c3cc61ed3bf8014d623a02feddfbd06cfa2db06761f0e
- SSDEEP
  
  98304:TJnZwQ8/VAQRxdsPKJ/lRM/oO3FX5Tz1m2HK1LtKfDAy9Yi7O+Kx:TJWQ8/GQDd3JjPOVXRzPHGL4fDAy9Yiq
Score

10^/10

xmrig evasion miner persistence
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner payload
  miner
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Modifies system executable filetype association
  persistence
- Registers COM server for autorun
  persistence
- Drops file in System32 directory
behavioral1
- Target
  
  NanoCore 1.2.2.0_Fixed_Cracked By Alcatraz3222/PluginCompiler.exe
- Size
  
  75KB
- MD5
  
  e2d1c5df11f9573f6c5d0a7ad1a79fbf
- SHA1
  
  b32bf571aca1b51af48f7f2f955aaf1bbdc5aa2f
- SHA256
  
  0b41b2fcd0f1a4e913d3efe293f713849d59efebb27bac060ab31bed51ac2f6b
- SHA512
  
  9c9ae7baa504dd34311f5730280f6a49e10eefdb145d2d29849e385a7da47c8f2c182cd6f39949f5904ef8462fc5c3dfaf1bc4cc8bff50c6750c9edc886192e0
- SSDEEP
  
  1536:iyVzgm8NqToL6n975lw8FDx39EhPKu4iV1Y:iyVMLUTos5SAx3ChPKpiVe
Score

1^/10
behavioral2
- Target
  
  NanoCore 1.2.2.0_Fixed_Cracked By Alcatraz3222/ServerPlugin.dll
- Size
  
  28KB
- MD5
  
  952c62ec830c63380beb72ad923d35dc
- SHA1
  
  6700baa1fb1877129e79402dfe237f0b84221b69
- SHA256
  
  2e5fbfb7932b117a2f6093dc346cdee4a5702e39739d9c40d27bfd1580f6f0d7
- SHA512
  
  5dc19d7d6ab7670ded766f357e481328c8df4a96ac3c2a00194a5ccea8c34bca0e34cfea3d9d17934db384d302446be2fec9853438371561d70580665bffe121
- SSDEEP
  
  384:7LmAEURVWGSCyo6/NLoqwXEsZmLTdFuoKy:vm1izOlg0ZKy
Score

1^/10
behavioral3
- Target
  
  NanoCore 1.2.2.0_Fixed_Cracked By Alcatraz3222/client.bin
- Size
  
  130KB
- MD5
  
  906a949e34472f99ba683eff21907231
- SHA1
  
  7c5a57af209597fa6c6bce7d1a8016b936d3b0b6
- SHA256
  
  9d3ea5af7dc261bf93c76f55d702a315aa22fb241e4207dc86cd834c262245c8
- SHA512
  
  29fd20ae7f1b8bac831c0bb85da4325a62e10961989e14299f5f50776c8f7e669cc1527bf2c3868bd7230e73ac110ba8b1f0491ac0f2923d79d7a2871c7c961d
- SSDEEP
  
  3072:pzEqV6B1jHa6dtJ10jgvzcgi+oG/j9iaMP2s/HI0AkU:pLV6Bta6dtJmakIM5VU
Score

10^/10

nanocore evasion keylogger spyware stealer trojan
- NanoCore
  NanoCore is a remote access tool (RAT) with a variety of capabilities.
  keylogger trojan stealer spyware nanocore
- Checks whether UAC is enabled
  evasion trojan
behavioral4