nanocore | b1d04d78ca542907bf8e87ac423cce20039b745b9500d292dcc1764feb660931 | Triage

Sharing

General

Target

96c46f1028dfd68dcafc774a331b7887_JaffaCakes118
Size

804KB
Sample

241124-x88l3a1par
MD5

96c46f1028dfd68dcafc774a331b7887
SHA1

a3f23dec1b19baeb71e75a9891a7a13a021c93bd
SHA256

b1d04d78ca542907bf8e87ac423cce20039b745b9500d292dcc1764feb660931
SHA512

ab318cb3228f0dd9087c64d4ea0e5021ec372a44c65d55a4d4209fba3b83e3b31cccb5f85c250fc31b650118a3e9891fa8dff45d142e41c576607739f51b3470
SSDEEP

12288:JGpk59Z3PCPoflr7RTd1To2k6qYa84nCsVcN9L4+xEWLIqD1fvIlwvCeP0/5KWRT:zdVPqY/4EIqD1Ylwvtz5C

Score

10^/10

nanocore discovery evasion keylogger spyware stealer trojan

Malware Config

Targets

- Target
  
  96c46f1028dfd68dcafc774a331b7887_JaffaCakes118
- Size
  
  804KB
- MD5
  
  96c46f1028dfd68dcafc774a331b7887
- SHA1
  
  a3f23dec1b19baeb71e75a9891a7a13a021c93bd
- SHA256
  
  b1d04d78ca542907bf8e87ac423cce20039b745b9500d292dcc1764feb660931
- SHA512
  
  ab318cb3228f0dd9087c64d4ea0e5021ec372a44c65d55a4d4209fba3b83e3b31cccb5f85c250fc31b650118a3e9891fa8dff45d142e41c576607739f51b3470
- SSDEEP
  
  12288:JGpk59Z3PCPoflr7RTd1To2k6qYa84nCsVcN9L4+xEWLIqD1fvIlwvCeP0/5KWRT:zdVPqY/4EIqD1Ylwvtz5C
Score

10^/10

nanocore discovery evasion keylogger spyware stealer trojan
- NanoCore
  NanoCore is a remote access tool (RAT) with a variety of capabilities.
  keylogger trojan stealer spyware nanocore
- Nanocore family
  nanocore
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
  evasion trojan
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

nanocorediscoveryevasionkeyloggerspywarestealertrojan

behavioral2

nanocorediscoveryevasionkeyloggerspywarestealertrojan