nanocore

Sharing

Copy URL

Twitter E-mail

General

Target

NanoCore-main.zip
Size

6.2MB
Sample

230412-3jxq6aga85
MD5

1eb3fe59749b0b4c21223f73c0aa9a1f
SHA1

97d7f456447425825ff525b6107a6824b71d41c1
SHA256

587b83ae8b8b0213ed525cb45248f896ed798b7b0dcfb27fa8a61d9531f4bb50
SHA512

630a6d00f97a070a744f467f1178ea564df9aab5f1d181c1373a68cc81aa91494e2fb27fec6bcc7746911bcf55722bdda34ee69a46f10a359c248b3317d3ff0b
SSDEEP

196608:F4c/ep1djAtk4JUanezFcI5M1MEnGswAFoF:N/welezFH5ENnwAy

Score

10^/10

Malware Config

Targets

- Target
  
  ClientPlugin.dll
- Size
  
  19KB
- MD5
  
  bdc8945f1d799c845408522e372d1dbd
- SHA1
  
  874b7c3c97cc5b13b9dd172fec5a54bc1f258005
- SHA256
  
  61e9d5c0727665e9ef3f328141397be47c65ed11ab621c644b5bbf1d67138403
- SHA512
  
  4fa0ed4ef66e4c442f5fc628e8bfc8a4f84cb213210643996d9387027edb619c054f6104ac889ae77cece09f0304f95d5f20e14d66847e2d382ef51eecec0962
- SSDEEP
  
  192:VYLQui6h6p5WW3tZVTnlYJL/eLYLTr2/C8:VYLQu/6/fKqLYLTR
Score

1^/10
behavioral1
- Target
  
  NanoCore.exe
- Size
  
  1.4MB
- MD5
  
  1728acc244115cbafd3b810277d2e321
- SHA1
  
  be64732f46c8a26a5bbf9d7f69c7f031b2c5180b
- SHA256
  
  ec359f50ca15395f273899c0ff7c0cd87ab5c2e23fdcfc6c72fedc0097161d4b
- SHA512
  
  8c59fdd29181f28e5698de78adf63934632e644a87088400f1b7ab1653622e4bc3a4145094601211a2db4bcbd04ea5f1ac44129907fbb727fe24a1f3652c7034
- SSDEEP
  
  24576:d7dOT1b7eAJzjSTUd+21nm3kEvpqZ0vSxmfexX6shz07DTl/uz:d7dqVw2+2KkS4PmGX6og7
Score

1^/10
behavioral2
- Target
  
  PluginCompiler.exe
- Size
  
  52KB
- MD5
  
  c83ad7488970251d48c4f4952d6ed0b8
- SHA1
  
  dadc6b24c5091a489104a616c4541e03d35a02ab
- SHA256
  
  c8ef314e2ec3b4afc5f7aef277d258fe1b5163cb8c11345ce45f7ac83c1a09d1
- SHA512
  
  c016aa2a988672f490701e5c90c0cc9b8da94a5c9b9f1eefc056177920ba52384fbe86d47d5de75ce6d1cf2d1e8a94c3e9c7dbb1cceb54342579f0bb2296106a
- SSDEEP
  
  768:WykhVJoOsSA0enopkfF2tlykA29ixBns+Xb5nT6cDc+:WpVJHenebACgBs+Ly+
Score

1^/10
behavioral3
- Target
  
  ServerPlugin.dll
- Size
  
  28KB
- MD5
  
  952c62ec830c63380beb72ad923d35dc
- SHA1
  
  6700baa1fb1877129e79402dfe237f0b84221b69
- SHA256
  
  2e5fbfb7932b117a2f6093dc346cdee4a5702e39739d9c40d27bfd1580f6f0d7
- SHA512
  
  5dc19d7d6ab7670ded766f357e481328c8df4a96ac3c2a00194a5ccea8c34bca0e34cfea3d9d17934db384d302446be2fec9853438371561d70580665bffe121
- SSDEEP
  
  384:7LmAEURVWGSCyo6/NLoqwXEsZmLTdFuoKy:vm1izOlg0ZKy
Score

1^/10
behavioral4
- Target
  
  System.Data.SQLite.dll
- Size
  
  256KB
- MD5
  
  dd3d6f00b1aba3f1d9338d9727ab5f17
- SHA1
  
  faf9364a7ab15f27c93a6e6f97fa025030c9dad7
- SHA256
  
  f0d4beab24e94e61f219df451d90dbba3d0f48539f9b6a448f91e0c94b4e80c4
- SHA512
  
  0794d850a133a98affe627e3023114b229b982e507d366895ece6a1ef99b42d708554c64b52f0f2ed63673e1c5aeea7e794085d45f0797159e21ba4efdf23cd7
- SSDEEP
  
  6144:icvnEsATddHqgM69uZ5iFNFGFOFwcGF6cmFWc0FWc8cIcKcUFJFpcNcHc7cbchF1:icvnEygM69uZ8FNFGFOFwcGF6cmFWc0z
Score

1^/10
behavioral5
- Target
  
  client.bin
- Size
  
  130KB
- MD5
  
  906a949e34472f99ba683eff21907231
- SHA1
  
  7c5a57af209597fa6c6bce7d1a8016b936d3b0b6
- SHA256
  
  9d3ea5af7dc261bf93c76f55d702a315aa22fb241e4207dc86cd834c262245c8
- SHA512
  
  29fd20ae7f1b8bac831c0bb85da4325a62e10961989e14299f5f50776c8f7e669cc1527bf2c3868bd7230e73ac110ba8b1f0491ac0f2923d79d7a2871c7c961d
- SSDEEP
  
  3072:pzEqV6B1jHa6dtJ10jgvzcgi+oG/j9iaMP2s/HI0AkU:pLV6Bta6dtJmakIM5VU
Score

10^/10

nanocore evasion keylogger spyware stealer trojan
- NanoCore
  NanoCore is a remote access tool (RAT) with a variety of capabilities.
  keylogger trojan stealer spyware nanocore
- Checks whether UAC is enabled
  evasion trojan
behavioral6
- Target
  
  x64/SQLite.Interop.dll
- Size
  
  1.3MB
- MD5
  
  382398711315e2fa8e93d305b4873908
- SHA1
  
  51482242e6d9170963aa27192c8279d20fce19ce
- SHA256
  
  270d61d183cff3dafad0db3dbe7942374552044baea1e28411c3a143cb620c02
- SHA512
  
  084217e67c125cb9952b91bc9783faf5c1e8fb01750cc1e6b4c3736c47b74dcf3207979c1c497e630e161aff529f71c403af6ca0232a7c3e9e587b58e4495589
- SSDEEP
  
  24576:fG4Gnwh2IK88uyMGI1YSbmdtDxnrW1oC0AZDvDetNQT7f+5eKMUxThC35:ewh2IKAYjtNme5eeG
Score

1^/10
behavioral7
- Target
  
  x86/SQLite.Interop.dll
- Size
  
  792KB
- MD5
  
  9b19dcee960dc215e64b1d82348707a9
- SHA1
  
  9c1e0f76673eb385787120e17404df179316ca2b
- SHA256
  
  3515f704b0012c01fc8be5b717905c0587b29255fc9eb7ad3f2b66a130691d38
- SHA512
  
  cc1304ab171feb2ac6df941f4b35aab8ce7b503f96b5539b366b39268cce8b21ea2fdbce16eff809a9a121a60a65ebbd0f59f75360800f541b9e5f93e729a55d
- SSDEEP
  
  12288:iIF0SBEkDG7/jznRefvOIVcn4PW5d6PrVJNcdwLzs9w:iIYkDG7rznRenOIVc4PW76TbK
Score

1^/10
behavioral8

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Targets

Checks whether UAC is enabled

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8