Overview

overview

10

Static

static

1

URLScan

urlscan

https://github.com/r...

windows10-ltsc 2021-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    https://github.com/reed427/Nanocore-Rat/archive/refs/heads/master.zip

  • Sample

    241227-sm2jeawqfp

Score
10/10
nanocorecollectiondiscoveryevasionkeyloggerspywarestealertrojan

Malware Config

Targets

    • Target

      https://github.com/reed427/Nanocore-Rat/archive/refs/heads/master.zip

    Score
    10/10
    nanocorecollectiondiscoveryevasionkeyloggerspywarestealertrojan

    • NanoCore

      NanoCore is a remote access tool (RAT) with a variety of capabilities.

      keyloggertrojanstealerspywarenanocore

    • Nanocore family

      nanocore

    • Detected Nirsoft tools

      Free utilities often used by attackers which can steal passwords, product keys, etc.

    • NirSoft MailPassView

      Password recovery tool for various email clients

    • Executes dropped EXE

    • Loads dropped DLL

    • Uses the VBS compiler for execution

    • Accesses Microsoft Outlook accounts

      collection

    • Checks whether UAC is enabled

      evasiontrojan

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

      discovery

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks