Overview

overview

10

Static

static

1

NanoCore_Portable.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    NanoCore_Portable.exe

  • Size

    6.4MB

  • Sample

    230325-tlvvxafe4x

  • MD5

    d8097b543928f1ae74e17ae06e941366

  • SHA1

    639cbf9d926c767a850d349dc09d2947ddb50ab2

  • SHA256

    59e59bdde6e394e14326f693cba8ab7604a20e7f3df9806f539844d499a701bc

  • SHA512

    48a25a1799376f1d2b754ebb00203ffde7f28208debbbddcefa6f77b34d7ae95271f8894725aab546d254678954fb918c3cef87f8899b31121b5151c777d6ae0

  • SSDEEP

    196608:y91pFyYcveZFtjA9kIUgon9ZBJHEfWOXo5:y9BmvAOVo9Z3kfRg

Score
10/10
nanocorekeyloggerspywarestealertrojan

Malware Config

Targets

    • Target

      NanoCore_Portable.exe

    • Size

      6.4MB

    • MD5

      d8097b543928f1ae74e17ae06e941366

    • SHA1

      639cbf9d926c767a850d349dc09d2947ddb50ab2

    • SHA256

      59e59bdde6e394e14326f693cba8ab7604a20e7f3df9806f539844d499a701bc

    • SHA512

      48a25a1799376f1d2b754ebb00203ffde7f28208debbbddcefa6f77b34d7ae95271f8894725aab546d254678954fb918c3cef87f8899b31121b5151c777d6ae0

    • SSDEEP

      196608:y91pFyYcveZFtjA9kIUgon9ZBJHEfWOXo5:y9BmvAOVo9Z3kfRg

    Score
    10/10
    nanocorekeyloggerspywarestealertrojan

    • NanoCore

      NanoCore is a remote access tool (RAT) with a variety of capabilities.

      keyloggertrojanstealerspywarenanocore

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks