nanocore | 8c7d7698d6377193d9795727b59475d36cdddea75f525e5468b87c61da68d04e | Triage

Sharing

General

Target

NanoCore 1.2.2.0.rar
Size

11.0MB
Sample

241117-zj4ypaybmr
MD5

4538860fa47e6d6ea3271b362004e371
SHA1

c4f632049928aa82d36d932665718c689c86bcf5
SHA256

8c7d7698d6377193d9795727b59475d36cdddea75f525e5468b87c61da68d04e
SHA512

1cbc244a3942394ae960615471a40d3d57a54017ee606e95da4c113f53644ed20e9c0f1e0528e3ed77c172189ac01672fec28e384203f7fe0c62d351f01f89ab
SSDEEP

196608:dxwI8RUUyA1RB2bkj+gegzJowW3Wx0u8CU3ymPhB26kRgJzj1DFeYMRjWcJ:dxmRUUTeOHRSWxsCU33nMGMRDJ

Score

10^/10

nanocore discovery execution keylogger persistence spyware stealer trojan

Malware Config

Targets

- Target
  
  NanoCore 1.2.2.0.rar
- Size
  
  11.0MB
- MD5
  
  4538860fa47e6d6ea3271b362004e371
- SHA1
  
  c4f632049928aa82d36d932665718c689c86bcf5
- SHA256
  
  8c7d7698d6377193d9795727b59475d36cdddea75f525e5468b87c61da68d04e
- SHA512
  
  1cbc244a3942394ae960615471a40d3d57a54017ee606e95da4c113f53644ed20e9c0f1e0528e3ed77c172189ac01672fec28e384203f7fe0c62d351f01f89ab
- SSDEEP
  
  196608:dxwI8RUUyA1RB2bkj+gegzJowW3Wx0u8CU3ymPhB26kRgJzj1DFeYMRjWcJ:dxmRUUTeOHRSWxsCU33nMGMRDJ
Score

10^/10

nanocore discovery execution keylogger persistence spyware stealer trojan
- NanoCore
  NanoCore is a remote access tool (RAT) with a variety of capabilities.
  keylogger trojan stealer spyware nanocore
- Nanocore family
  nanocore
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

nanocorediscoveryexecutionkeyloggerpersistencespywarestealertrojan