nanocore | cba86b70969975790694a1913cd12089df0770a8a2c68938948718657f26c12f | Triage

Sharing

General

Target

cba86b70969975790694a1913cd12089df0770a8a2c68938948718657f26c12f
Size

1.7MB
Sample

250220-jc7s1azlfm
MD5

ef6156d8b26762f63901d5fa97e65017
SHA1

c0e28b7062b68b1863812d7f278a19a95a5c8489
SHA256

cba86b70969975790694a1913cd12089df0770a8a2c68938948718657f26c12f
SHA512

ea68d6947fef69c582d26347dc81596b1ee0b368465c6451ef5a0c425481f97d71ce0fd282216ef904b206b0ba7fd680a94ca720ae4826b47f274452feaf97cb
SSDEEP

24576:tEJt6KQ0CbX/AE3cG1cIp96W9nQ2sv88bCpQrhSVJCLjdhTtwlnxdI3F5YaVFqow:ot6KuvT371PPHIv88JrZvHRVqotWD

Score

10^/10

nanocore defense_evasion discovery keylogger persistence spyware stealer trojan

Malware Config

Targets

- Target
  
  cba86b70969975790694a1913cd12089df0770a8a2c68938948718657f26c12f
- Size
  
  1.7MB
- MD5
  
  ef6156d8b26762f63901d5fa97e65017
- SHA1
  
  c0e28b7062b68b1863812d7f278a19a95a5c8489
- SHA256
  
  cba86b70969975790694a1913cd12089df0770a8a2c68938948718657f26c12f
- SHA512
  
  ea68d6947fef69c582d26347dc81596b1ee0b368465c6451ef5a0c425481f97d71ce0fd282216ef904b206b0ba7fd680a94ca720ae4826b47f274452feaf97cb
- SSDEEP
  
  24576:tEJt6KQ0CbX/AE3cG1cIp96W9nQ2sv88bCpQrhSVJCLjdhTtwlnxdI3F5YaVFqow:ot6KuvT371PPHIv88JrZvHRVqotWD
Score

10^/10

nanocore defense_evasion discovery keylogger persistence spyware stealer trojan
- NanoCore
  NanoCore is a remote access tool (RAT) with a variety of capabilities.
  keylogger trojan stealer spyware nanocore
- Nanocore family
  nanocore
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  defense_evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

nanocoredefense_evasiondiscoverykeyloggerpersistencespywarestealertrojan

behavioral2

nanocoredefense_evasiondiscoverykeyloggerpersistencespywarestealertrojan