nanocore | 4a00588e366b27273cc7b3a7dc14addaddc207fdc3b6965e5cb995c1ace2fd04 | Triage

Sharing

General

Target

Tempspoffer.exe
Size

40.6MB
Sample

250128-26ecnaxkbl
MD5

f0082668059d950985a7241f49b2e783
SHA1

a72316855135a7402661576800634a33fba4ffdb
SHA256

4a00588e366b27273cc7b3a7dc14addaddc207fdc3b6965e5cb995c1ace2fd04
SHA512

453a87d68aafc792fc690766cfcedcfdd3f01039f949f365be269d3e3147466c2e59b5c8ffa16a03db19bdd25b13acddca8fc73b0fde5311077ab142be3efdbd
SSDEEP

786432:90Xbab6t3WWEqamWxa4IzSDqG9dabW+mY72F1y4SQNgNh2AtPHAr7UCM283nrG:90Xub64WEa8JIzSmGGbWQ2F1yINgfBhq

Score

10^/10

nanocore defense_evasion discovery keylogger persistence spyware stealer trojan

Malware Config

Targets

- Target
  
  Tempspoffer.exe
- Size
  
  40.6MB
- MD5
  
  f0082668059d950985a7241f49b2e783
- SHA1
  
  a72316855135a7402661576800634a33fba4ffdb
- SHA256
  
  4a00588e366b27273cc7b3a7dc14addaddc207fdc3b6965e5cb995c1ace2fd04
- SHA512
  
  453a87d68aafc792fc690766cfcedcfdd3f01039f949f365be269d3e3147466c2e59b5c8ffa16a03db19bdd25b13acddca8fc73b0fde5311077ab142be3efdbd
- SSDEEP
  
  786432:90Xbab6t3WWEqamWxa4IzSDqG9dabW+mY72F1y4SQNgNh2AtPHAr7UCM283nrG:90Xub64WEa8JIzSmGGbWQ2F1yINgfBhq
Score

10^/10

nanocore defense_evasion discovery keylogger persistence spyware stealer trojan
- NanoCore
  NanoCore is a remote access tool (RAT) with a variety of capabilities.
  keylogger trojan stealer spyware nanocore
- Nanocore family
  nanocore
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  defense_evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

nanocoredefense_evasiondiscoverykeyloggerpersistencespywarestealertrojan

behavioral2

nanocoredefense_evasiondiscoverykeyloggerpersistencespywarestealertrojan