nanocore | b250dccc534f8bacc38656f7dba9bbf3b97c572839f28c49bb8f24400cd52170 | Triage

Resubmissions

10-01-2025 17:26

250110-vz5gyasrhl 10

10-01-2025 16:25

250110-tw4ksssjcp 10

Sharing

General

Target

JaffaCakes118_e8c47dd833dd0fb7c60becb77181763d
Size

992KB
Sample

250110-tw4ksssjcp
MD5

e8c47dd833dd0fb7c60becb77181763d
SHA1

c1267f03431f62775f2dddee3cc0b4f138aabe02
SHA256

b250dccc534f8bacc38656f7dba9bbf3b97c572839f28c49bb8f24400cd52170
SHA512

31a34b13af3a8d02b7a1141b0f9bb50bb6a20b14b73bc6d9d7f19818cf8de8d7257e5048306cd2a4869f7c6074fa516d8e5aa02dc348731e7f1bf1e95f409f9b
SSDEEP

24576:rFhNhAgGFk+hD4QQcf7tg39/UBzb2HiRKcmtUlyGE:hhAFk+VRtS/gbTZf

Score

10^/10

nanocore discovery evasion keylogger persistence spyware stealer trojan

Malware Config

Targets

- Target
  
  JaffaCakes118_e8c47dd833dd0fb7c60becb77181763d
- Size
  
  992KB
- MD5
  
  e8c47dd833dd0fb7c60becb77181763d
- SHA1
  
  c1267f03431f62775f2dddee3cc0b4f138aabe02
- SHA256
  
  b250dccc534f8bacc38656f7dba9bbf3b97c572839f28c49bb8f24400cd52170
- SHA512
  
  31a34b13af3a8d02b7a1141b0f9bb50bb6a20b14b73bc6d9d7f19818cf8de8d7257e5048306cd2a4869f7c6074fa516d8e5aa02dc348731e7f1bf1e95f409f9b
- SSDEEP
  
  24576:rFhNhAgGFk+hD4QQcf7tg39/UBzb2HiRKcmtUlyGE:hhAFk+VRtS/gbTZf
Score

10^/10

nanocore discovery evasion keylogger persistence spyware stealer trojan
- NanoCore
  NanoCore is a remote access tool (RAT) with a variety of capabilities.
  keylogger trojan stealer spyware nanocore
- Nanocore family
  nanocore
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Defense Evasion

Modify Registry

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

nanocorediscoveryevasionkeyloggerpersistencespywarestealertrojan

behavioral2

nanocorediscoveryevasionkeyloggerpersistencespywarestealertrojan