nanocore | 1ccd0e5a3520daf8852efc0a155d299130210d27ab07f857dbb390c0026ba7e3 | Triage

Sharing

General

Target

Spoofer.exe
Size

507KB
Sample

240526-3qq7yshd45
MD5

b74a67827cb2663315aaf2cd483049c6
SHA1

7672de49a3caee2db69ed2d682d90cc8978c0830
SHA256

1ccd0e5a3520daf8852efc0a155d299130210d27ab07f857dbb390c0026ba7e3
SHA512

74bb615e4c0e856117c961c79dbff2871bf19e7ef8e2fccdce9ee4f153a3f12648d3d8433aa81fbf5ecb0e57eebcb0242a6d730f8f0b93197264ae0739bea56f
SSDEEP

12288:qJdwTR7OZW0xFA3nGOG6syFot2wOda7EYUkf6Gfj:qJmTZCXTOGJyFoBOkAYUk9

Score

10^/10

nanocore evasion keylogger persistence spyware stealer trojan

Malware Config

Targets

- Target
  
  Spoofer.exe
- Size
  
  507KB
- MD5
  
  b74a67827cb2663315aaf2cd483049c6
- SHA1
  
  7672de49a3caee2db69ed2d682d90cc8978c0830
- SHA256
  
  1ccd0e5a3520daf8852efc0a155d299130210d27ab07f857dbb390c0026ba7e3
- SHA512
  
  74bb615e4c0e856117c961c79dbff2871bf19e7ef8e2fccdce9ee4f153a3f12648d3d8433aa81fbf5ecb0e57eebcb0242a6d730f8f0b93197264ae0739bea56f
- SSDEEP
  
  12288:qJdwTR7OZW0xFA3nGOG6syFot2wOda7EYUkf6Gfj:qJmTZCXTOGJyFoBOkAYUk9
Score

10^/10

nanocore evasion keylogger persistence spyware stealer trojan
- NanoCore
  NanoCore is a remote access tool (RAT) with a variety of capabilities.
  keylogger trojan stealer spyware nanocore
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

nanocoreevasionkeyloggerpersistencespywarestealertrojan