nanocore

Resubmissions

13-12-2024 17:44

241213-wbgxeaxphq 10

13-12-2024 17:15

241213-vsrmhavpgs 10

13-12-2024 17:14

241213-vshdtsxjhl 10

13-12-2024 17:13

241213-vrge5svpc1 10

Sharing

Copy URL

Twitter E-mail

General

Target

NanoCore 1.2.2.0_Cracked By Alcatraz3222.rar
Size

5.8MB
Sample

241213-vrge5svpc1
MD5

c75744769bae7a3e7a4a1aec27673851
SHA1

56b0aa88b44c532be4975bc096cb8e4b9e7ecb49
SHA256

ceb348dfa61b34bebce021fa783b0afdb874ea7205f75e7fb42b01898439be75
SHA512

fa0c8d0b3adbb0bf11185b6c85f38c99421ef24ce55d94674e8d999c907f323a3eb0bcf711b60298e31db2958ebfa2dafad9d01cdf1e61251018ebd717934679
SSDEEP

98304:5S+zg4KC/4ObL3j/ZV2tKRcHhMBJcPpylijvjTZi1UBCFCX/IxCF+/h0k98nRDdj:51kC/40z3tKMrcByIT1B2zkA/Ck92thv

Score

10^/10

Malware Config

Extracted

Family

nanocore

Version

1.2.2.0

10.127.0.101:54984

Mutex

18fe6997-f24c-4ede-8562-23db3cd75697

Attributes

activate_away_mode
true
backup_connection_host
10.127.0.101
backup_dns_server
8.8.4.4
buffer_size
65535
build_time
2024-09-24T19:11:11.405145136Z
bypass_user_account_control
false
bypass_user_account_control_data
PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTE2Ij8+DQo8VGFzayB2ZXJzaW9uPSIxLjIiIHhtbG5zPSJodHRwOi8vc2NoZW1hcy5taWNyb3NvZnQuY29tL3dpbmRvd3MvMjAwNC8wMi9taXQvdGFzayI+DQogIDxSZWdpc3RyYXRpb25JbmZvIC8+DQogIDxUcmlnZ2VycyAvPg0KICA8UHJpbmNpcGFscz4NCiAgICA8UHJpbmNpcGFsIGlkPSJBdXRob3IiPg0KICAgICAgPExvZ29uVHlwZT5JbnRlcmFjdGl2ZVRva2VuPC9Mb2dvblR5cGU+DQogICAgICA8UnVuTGV2ZWw+SGlnaGVzdEF2YWlsYWJsZTwvUnVuTGV2ZWw+DQogICAgPC9QcmluY2lwYWw+DQogIDwvUHJpbmNpcGFscz4NCiAgPFNldHRpbmdzPg0KICAgIDxNdWx0aXBsZUluc3RhbmNlc1BvbGljeT5QYXJhbGxlbDwvTXVsdGlwbGVJbnN0YW5jZXNQb2xpY3k+DQogICAgPERpc2FsbG93U3RhcnRJZk9uQmF0dGVyaWVzPmZhbHNlPC9EaXNhbGxvd1N0YXJ0SWZPbkJhdHRlcmllcz4NCiAgICA8U3RvcElmR29pbmdPbkJhdHRlcmllcz5mYWxzZTwvU3RvcElmR29pbmdPbkJhdHRlcmllcz4NCiAgICA8QWxsb3dIYXJkVGVybWluYXRlPnRydWU8L0FsbG93SGFyZFRlcm1pbmF0ZT4NCiAgICA8U3RhcnRXaGVuQXZhaWxhYmxlPmZhbHNlPC9TdGFydFdoZW5BdmFpbGFibGU+DQogICAgPFJ1bk9ubHlJZk5ldHdvcmtBdmFpbGFibGU+ZmFsc2U8L1J1bk9ubHlJZk5ldHdvcmtBdmFpbGFibGU+DQogICAgPElkbGVTZXR0aW5ncz4NCiAgICAgIDxTdG9wT25JZGxlRW5kPmZhbHNlPC9TdG9wT25JZGxlRW5kPg0KICAgICAgPFJlc3RhcnRPbklkbGU+ZmFsc2U8L1Jlc3RhcnRPbklkbGU+DQogICAgPC9JZGxlU2V0dGluZ3M+DQogICAgPEFsbG93U3RhcnRPbkRlbWFuZD50cnVlPC9BbGxvd1N0YXJ0T25EZW1hbmQ+DQogICAgPEVuYWJsZWQ+dHJ1ZTwvRW5hYmxlZD4NCiAgICA8SGlkZGVuPmZhbHNlPC9IaWRkZW4+DQogICAgPFJ1bk9ubHlJZklkbGU+ZmFsc2U8L1J1bk9ubHlJZklkbGU+DQogICAgPFdha2VUb1J1bj5mYWxzZTwvV2FrZVRvUnVuPg0KICAgIDxFeGVjdXRpb25UaW1lTGltaXQ+UFQwUzwvRXhlY3V0aW9uVGltZUxpbWl0Pg0KICAgIDxQcmlvcml0eT40PC9Qcmlvcml0eT4NCiAgPC9TZXR0aW5ncz4NCiAgPEFjdGlvbnMgQ29udGV4dD0iQXV0aG9yIj4NCiAgICA8RXhlYz4NCiAgICAgIDxDb21tYW5kPiIjRVhFQ1VUQUJMRVBBVEgiPC9Db21tYW5kPg0KICAgICAgPEFyZ3VtZW50cz4kKEFyZzApPC9Bcmd1bWVudHM+DQogICAgPC9FeGVjPg0KICA8L0FjdGlvbnM+DQo8L1Rhc2s+
clear_access_control
true
clear_zone_identifier
false
connect_delay
4000
connection_port
54984
default_group
Default
enable_debug_mode
true
gc_threshold
1.048576e+07
keep_alive_timeout
30000
keyboard_logging
false
lan_timeout
2500
max_packet_size
1.048576e+07
mutex
18fe6997-f24c-4ede-8562-23db3cd75697
mutex_timeout
5000
prevent_system_sleep
false
primary_connection_host
primary_dns_server
8.8.8.8
request_elevation
false
restart_delay
5000
run_delay
0
run_on_startup
false
set_critical_process
true
timeout_interval
5000
use_custom_dns_server
false
version
1.2.2.0
wan_timeout
8000

Targets

- Target
  
  NanoCore 1.2.2.0_Cracked By Alcatraz3222.rar
- Size
  
  5.8MB
- MD5
  
  c75744769bae7a3e7a4a1aec27673851
- SHA1
  
  56b0aa88b44c532be4975bc096cb8e4b9e7ecb49
- SHA256
  
  ceb348dfa61b34bebce021fa783b0afdb874ea7205f75e7fb42b01898439be75
- SHA512
  
  fa0c8d0b3adbb0bf11185b6c85f38c99421ef24ce55d94674e8d999c907f323a3eb0bcf711b60298e31db2958ebfa2dafad9d01cdf1e61251018ebd717934679
- SSDEEP
  
  98304:5S+zg4KC/4ObL3j/ZV2tKRcHhMBJcPpylijvjTZi1UBCFCX/IxCF+/h0k98nRDdj:51kC/40z3tKMrcByIT1B2zkA/Ck92thv
Score

10^/10

nanocore discovery keylogger spyware stealer trojan
- NanoCore
  NanoCore is a remote access tool (RAT) with a variety of capabilities.
  keylogger trojan stealer spyware nanocore
- Nanocore family
  nanocore
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2 behavioral3 behavioral4
- Target
  
  NanoCore 1.2.2.0_Cracked By Alcatraz3222/ClientPlugin.dll
- Size
  
  19KB
- MD5
  
  bdc8945f1d799c845408522e372d1dbd
- SHA1
  
  874b7c3c97cc5b13b9dd172fec5a54bc1f258005
- SHA256
  
  61e9d5c0727665e9ef3f328141397be47c65ed11ab621c644b5bbf1d67138403
- SHA512
  
  4fa0ed4ef66e4c442f5fc628e8bfc8a4f84cb213210643996d9387027edb619c054f6104ac889ae77cece09f0304f95d5f20e14d66847e2d382ef51eecec0962
- SSDEEP
  
  192:VYLQui6h6p5WW3tZVTnlYJL/eLYLTr2/C8:VYLQu/6/fKqLYLTR
Score

1^/10
behavioral5 behavioral6 behavioral7 behavioral8
- Target
  
  NanoCore 1.2.2.0_Cracked By Alcatraz3222/NanoCore.exe
- Size
  
  1.4MB
- MD5
  
  1728acc244115cbafd3b810277d2e321
- SHA1
  
  be64732f46c8a26a5bbf9d7f69c7f031b2c5180b
- SHA256
  
  ec359f50ca15395f273899c0ff7c0cd87ab5c2e23fdcfc6c72fedc0097161d4b
- SHA512
  
  8c59fdd29181f28e5698de78adf63934632e644a87088400f1b7ab1653622e4bc3a4145094601211a2db4bcbd04ea5f1ac44129907fbb727fe24a1f3652c7034
- SSDEEP
  
  24576:d7dOT1b7eAJzjSTUd+21nm3kEvpqZ0vSxmfexX6shz07DTl/uz:d7dqVw2+2KkS4PmGX6og7
Score

4^/10

discovery
behavioral10 behavioral11 behavioral12 behavioral9
- Target
  
  NanoCore 1.2.2.0_Cracked By Alcatraz3222/PluginCompiler.exe
- Size
  
  75KB
- MD5
  
  e2d1c5df11f9573f6c5d0a7ad1a79fbf
- SHA1
  
  b32bf571aca1b51af48f7f2f955aaf1bbdc5aa2f
- SHA256
  
  0b41b2fcd0f1a4e913d3efe293f713849d59efebb27bac060ab31bed51ac2f6b
- SHA512
  
  9c9ae7baa504dd34311f5730280f6a49e10eefdb145d2d29849e385a7da47c8f2c182cd6f39949f5904ef8462fc5c3dfaf1bc4cc8bff50c6750c9edc886192e0
- SSDEEP
  
  1536:iyVzgm8NqToL6n975lw8FDx39EhPKu4iV1Y:iyVMLUTos5SAx3ChPKpiVe
Score

10^/10

discovery nanocore keylogger persistence spyware stealer trojan
- NanoCore
  NanoCore is a remote access tool (RAT) with a variety of capabilities.
  keylogger trojan stealer spyware nanocore
- Nanocore family
  nanocore
- Adds Run key to start application
  persistence
behavioral13 behavioral14 behavioral15 behavioral16
- Target
  
  NanoCore 1.2.2.0_Cracked By Alcatraz3222/ServerPlugin.dll
- Size
  
  28KB
- MD5
  
  952c62ec830c63380beb72ad923d35dc
- SHA1
  
  6700baa1fb1877129e79402dfe237f0b84221b69
- SHA256
  
  2e5fbfb7932b117a2f6093dc346cdee4a5702e39739d9c40d27bfd1580f6f0d7
- SHA512
  
  5dc19d7d6ab7670ded766f357e481328c8df4a96ac3c2a00194a5ccea8c34bca0e34cfea3d9d17934db384d302446be2fec9853438371561d70580665bffe121
- SSDEEP
  
  384:7LmAEURVWGSCyo6/NLoqwXEsZmLTdFuoKy:vm1izOlg0ZKy
Score

10^/10

nanocore discovery evasion keylogger persistence spyware stealer trojan
- NanoCore
  NanoCore is a remote access tool (RAT) with a variety of capabilities.
  keylogger trojan stealer spyware nanocore
- Nanocore family
  nanocore
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
behavioral17 behavioral18 behavioral19 behavioral20
- Target
  
  NanoCore 1.2.2.0_Cracked By Alcatraz3222/System.Data.SQLite.dll
- Size
  
  256KB
- MD5
  
  dd3d6f00b1aba3f1d9338d9727ab5f17
- SHA1
  
  faf9364a7ab15f27c93a6e6f97fa025030c9dad7
- SHA256
  
  f0d4beab24e94e61f219df451d90dbba3d0f48539f9b6a448f91e0c94b4e80c4
- SHA512
  
  0794d850a133a98affe627e3023114b229b982e507d366895ece6a1ef99b42d708554c64b52f0f2ed63673e1c5aeea7e794085d45f0797159e21ba4efdf23cd7
- SSDEEP
  
  6144:icvnEsATddHqgM69uZ5iFNFGFOFwcGF6cmFWc0FWc8cIcKcUFJFpcNcHc7cbchF1:icvnEygM69uZ8FNFGFOFwcGF6cmFWc0z
Score

1^/10
behavioral21 behavioral22 behavioral23 behavioral24