nanocore | 7ce70d99d892cb1dc3edeefd389c5a03a12d4aba6f0f9dff58bea59709c14802 | Triage

Sharing

General

Target

7ce70d99d892cb1dc3edeefd389c5a03a12d4aba6f0f9dff58bea59709c14802N
Size

798KB
Sample

241009-q4vfbawckk
MD5

1454a37dd468a9be07ce8fa633a28e30
SHA1

9e2645b6dcf33136c22600dce082a78b285b9627
SHA256

7ce70d99d892cb1dc3edeefd389c5a03a12d4aba6f0f9dff58bea59709c14802
SHA512

9fd58f84fa6c53f7d3ca8a853535024151031984fe402ba62aaa2cad87cda44cedacb26302988b0cdad258c0d216a7a3d65e469f3fa188b1e71ad9f0475d5581
SSDEEP

24576:xuDXTIGaPhEYzUzA0/0v5xkGMURGxIQyAto1/r:kDjlabwz9yC5PRoJ

Score

10^/10

nanocore discovery evasion keylogger persistence spyware stealer trojan

Malware Config

Targets

- Target
  
  7ce70d99d892cb1dc3edeefd389c5a03a12d4aba6f0f9dff58bea59709c14802N
- Size
  
  798KB
- MD5
  
  1454a37dd468a9be07ce8fa633a28e30
- SHA1
  
  9e2645b6dcf33136c22600dce082a78b285b9627
- SHA256
  
  7ce70d99d892cb1dc3edeefd389c5a03a12d4aba6f0f9dff58bea59709c14802
- SHA512
  
  9fd58f84fa6c53f7d3ca8a853535024151031984fe402ba62aaa2cad87cda44cedacb26302988b0cdad258c0d216a7a3d65e469f3fa188b1e71ad9f0475d5581
- SSDEEP
  
  24576:xuDXTIGaPhEYzUzA0/0v5xkGMURGxIQyAto1/r:kDjlabwz9yC5PRoJ
Score

10^/10

nanocore discovery evasion keylogger persistence spyware stealer trojan
- NanoCore
  NanoCore is a remote access tool (RAT) with a variety of capabilities.
  keylogger trojan stealer spyware nanocore
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

nanocorediscoveryevasionkeyloggerpersistencespywarestealertrojan

behavioral2

nanocorediscoveryevasionkeyloggerpersistencespywarestealertrojan