nanocore | ed040578b81b0935101644de531cdb5c14495f44071a29cd4bf2b542fc87223c | Triage

Sharing

General

Target

83d99d1328f7c2e7a7d0ab92bb4171bf_JaffaCakes118
Size

1.9MB
Sample

240809-2pgrfsxcmg
MD5

83d99d1328f7c2e7a7d0ab92bb4171bf
SHA1

b9ba45c772023e30bf311b84060813d7742a05f6
SHA256

ed040578b81b0935101644de531cdb5c14495f44071a29cd4bf2b542fc87223c
SHA512

cbf30d16b99cd33c034ec6d216051cab1f4fdf6ca93e7b6bb84168aca0ad81bcab36df1bb3cb012634da0d265f5ba1a0f034a4aab608aada996015c964290663
SSDEEP

24576:jAnMkN0CYu03PRjmKY6DZfDQ67D1BJDGZURDEpD3ckXcFmJUw+wonybrKXzEIboe:jAnpBY0KYYzxBJDGQBkJ+3ybrwbFz

Score

10^/10

nanocore discovery evasion keylogger spyware stealer trojan

Malware Config

Targets

- Target
  
  83d99d1328f7c2e7a7d0ab92bb4171bf_JaffaCakes118
- Size
  
  1.9MB
- MD5
  
  83d99d1328f7c2e7a7d0ab92bb4171bf
- SHA1
  
  b9ba45c772023e30bf311b84060813d7742a05f6
- SHA256
  
  ed040578b81b0935101644de531cdb5c14495f44071a29cd4bf2b542fc87223c
- SHA512
  
  cbf30d16b99cd33c034ec6d216051cab1f4fdf6ca93e7b6bb84168aca0ad81bcab36df1bb3cb012634da0d265f5ba1a0f034a4aab608aada996015c964290663
- SSDEEP
  
  24576:jAnMkN0CYu03PRjmKY6DZfDQ67D1BJDGZURDEpD3ckXcFmJUw+wonybrKXzEIboe:jAnpBY0KYYzxBJDGQBkJ+3ybrwbFz
Score

10^/10

nanocore discovery evasion keylogger spyware stealer trojan
- NanoCore
  NanoCore is a remote access tool (RAT) with a variety of capabilities.
  keylogger trojan stealer spyware nanocore
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

nanocorediscoveryevasionkeyloggerspywarestealertrojan

behavioral2

nanocorediscoveryevasionkeyloggerspywarestealertrojan