nanocore | 80c22a635c8c465742fe3062fc705710d561ef1decc7094f22adc041bb2f15ed | Triage

Resubmissions

24/02/2025, 09:46

250224-lrx88avqy3 10

24/02/2025, 09:44

250224-lqf9bavp16 10

24/02/2025, 09:41

250224-ln87bavpw4 10

24/02/2025, 09:36

250224-lk437avns5 10

Sharing

General

Target

PW Loader.zip
Size

312KB
Sample

250224-ln87bavpw4
MD5

a9cbda7b860fc868aae1e969c3619bb1
SHA1

95cf5de8332bfe1fee3402d484e2502a153a9c68
SHA256

80c22a635c8c465742fe3062fc705710d561ef1decc7094f22adc041bb2f15ed
SHA512

c7d8ff507a95ffbff6c9f7194c8f0636c9fd391c4aa5e4ae5f919861652dbc0c91d8a47c5444797edd8049f8ee387bbb45e355812a03fdc1675f71304b02540c
SSDEEP

6144:0VkRP2RdNr0BgTC05uzP3z8QQUl2R++gClBVMgTSHjnE3dA84l9x:0VkRuR70yl03z8QQysBVMvY3dAfl9x

Score

10^/10

nanocore defense_evasion discovery keylogger persistence spyware stealer trojan

Malware Config

Targets

- Target
  
  PW Loader.exe
- Size
  
  354KB
- MD5
  
  638ded3b1d340c2a35f1891759e11d3b
- SHA1
  
  e290bb38e046a6d2ceef5632f1c1ab1fefde4d93
- SHA256
  
  d46c7ba651d37e8e51e062320fa860fc7aa69b5ab142a91d614bf61a64b8f9eb
- SHA512
  
  b8e61d0b992e887abc87f20b8ed7bff65801e9b9288a2ed296e4f4e2e3e1f0192c9b74a831a0d59814de222e73e358a14b2ae623ac5dd61d896b0445f7a21ab2
- SSDEEP
  
  6144:/0XQ1m1ii5mwp+wR0O+VbL68KadaT6Cwfn/7NIY/Y+nNK2UX+8+Hxr:/0XQ1XQUweNbLBKa8T6CS/JaXJ+Hxr
Score

10^/10

nanocore defense_evasion discovery keylogger persistence spyware stealer trojan
- NanoCore
  NanoCore is a remote access tool (RAT) with a variety of capabilities.
  keylogger trojan stealer spyware nanocore
- Nanocore family
  nanocore
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  defense_evasion trojan
- Obfuscated Files or Information: Command Obfuscation
  Adversaries may obfuscate content during command execution to impede detection.
  defense_evasion
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Defense Evasion

Modify Registry

Obfuscated Files or Information

Command Obfuscation

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

nanocoredefense_evasiondiscoverykeyloggerpersistencespywarestealertrojan