nanocore | 356e87a4ef1469bba5cfc99c19161b37f0fdaa766043705a4d51b4bae8b134d3 | Triage

Sharing

General

Target

356e87a4ef1469bba5cfc99c19161b37f0fdaa766043705a4d51b4bae8b134d3.js
Size

7KB
Sample

240812-tkzgpsydnr
MD5

8c3bd48b27d70c24d021ff7c16308a15
SHA1

80bdf02a07c5407fae1c67d311480283c41235ad
SHA256

356e87a4ef1469bba5cfc99c19161b37f0fdaa766043705a4d51b4bae8b134d3
SHA512

384cca755586d4e8f6b6ae8a1ba247862a81270dcdd28b077014b3c23ba1aa1af58ea3f1f786190c8b3d33edb116eb4024d23c610963bbe729f85864fb773ce2
SSDEEP

48:BQSNqLykK7Zd1Oy2qLHDMpq1qQIqLcDGIdnFe+qyHtdHErqLup6:yGHkKVM4DRrItGmFeEHt9uA

Score

10^/10

nanocore discovery evasion execution keylogger persistence spyware stealer trojan

Malware Config

Targets

- Target
  
  356e87a4ef1469bba5cfc99c19161b37f0fdaa766043705a4d51b4bae8b134d3.js
- Size
  
  7KB
- MD5
  
  8c3bd48b27d70c24d021ff7c16308a15
- SHA1
  
  80bdf02a07c5407fae1c67d311480283c41235ad
- SHA256
  
  356e87a4ef1469bba5cfc99c19161b37f0fdaa766043705a4d51b4bae8b134d3
- SHA512
  
  384cca755586d4e8f6b6ae8a1ba247862a81270dcdd28b077014b3c23ba1aa1af58ea3f1f786190c8b3d33edb116eb4024d23c610963bbe729f85864fb773ce2
- SSDEEP
  
  48:BQSNqLykK7Zd1Oy2qLHDMpq1qQIqLcDGIdnFe+qyHtdHErqLup6:yGHkKVM4DRrItGmFeEHt9uA
Score

10^/10

nanocore discovery evasion execution keylogger persistence spyware stealer trojan
- NanoCore
  NanoCore is a remote access tool (RAT) with a variety of capabilities.
  keylogger trojan stealer spyware nanocore
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

nanocorediscoveryevasionexecutionkeyloggerpersistencespywarestealertrojan

behavioral2

nanocorediscoveryevasionexecutionkeyloggerpersistencespywarestealertrojan