nanocore | c3b05e542a419256b1eaa62ac2adb55bd77bb7b63e784462b7d994a13add6ee0 | Triage

Submit
Reports

Overview

overview

Static

static

3

OT20160097655.scr

windows7-x64

OT20160097655.scr

windows10-2004-x64

Sharing

General

Target

cec1126564d7383f3d3fa8ad7b929d00_JaffaCakes118
Size

697KB
Sample

240906-fzf21sybmk
MD5

cec1126564d7383f3d3fa8ad7b929d00
SHA1

a4a13a6abb7b0783fb55f276a1b250344726ab9e
SHA256

c3b05e542a419256b1eaa62ac2adb55bd77bb7b63e784462b7d994a13add6ee0
SHA512

e8cfe22edfc1e9544139158bb9b5708c6397ec24855cd5597d6acf5936ab6f75081b328f062ca162f4d3b40705a0fdd26db5814c9ecff28f97af5e8b490e429a
SSDEEP

12288:Pqy1LBTLWvHTer07+fJwjUTdW0ZFB7egSu7lvAvSyvbYcoSpU9yhBfq7ycMnf6:Swna7KCjUTfAglovUcIG0WcMny

Score

10^/10

nanocore discovery evasion keylogger link pdf persistence spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

OT20160097655.scr

Resource

win7-20240903-en

nanocore discovery evasion keylogger link pdf persistence spyware stealer trojan

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

OT20160097655.scr

Resource

win10v2004-20240802-en

nanocore discovery evasion keylogger link pdf persistence spyware stealer trojan

windows10-2004-x64

18 signatures

150 seconds

Malware Config

Targets

- Target
  
  OT20160097655.scr
- Size
  
  733KB
- MD5
  
  62310ebea13f180a31b0b59db9612588
- SHA1
  
  3990c0b24e6dd4bff2ae7d96cfdaae5ba5e4bd90
- SHA256
  
  38b2fc34fccf7c6298f36966578a90a655f8598e69580aab3ec8179c99d0d366
- SHA512
  
  d0b545d6d2f1137684e6c48903a522e2893e16d1b3e4af5d2504861c8f6e6b0033219691c7d807e812a662b05988b9fe320f2ce22accd07918b04ac80e6babd1
- SSDEEP
  
  12288:iDj2Bi+6FcjG3cvmcwGvWMq81js0EEMQo342NMSBS3mKFETzjxc3MsAdooib54UB:iDj2Qpcjdmc/O5440Y7S3mPf9ccjLibt
Score

10^/10

nanocore discovery evasion keylogger link pdf persistence spyware stealer trojan
- Modifies WinLogon for persistence
  persistence
- NanoCore
  NanoCore is a remote access tool (RAT) with a variety of capabilities.
  keylogger trojan stealer spyware nanocore
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

nanocorediscoveryevasionkeyloggerlinkpdfpersistencespywarestealertrojan

behavioral2

nanocorediscoveryevasionkeyloggerlinkpdfpersistencespywarestealertrojan

© 2018-2025

Terms | Privacy