nanocore | 25d72728eb6cbb742beb57aab0840e798d3188c2567911cf5e7cd39d81bb7efe | Triage

Submit
Reports

Overview

overview

Static

static

3

PW Loader.exe

windows11-21h2-x64

Sharing

General

Target

PW Loader.zip
Size

312KB
Sample

250227-lv2qtavks6
MD5

671700cca3ce98e640c388a002a7762a
SHA1

ad02bb430ff3c0afa8eccee2cdff7d89e5020387
SHA256

25d72728eb6cbb742beb57aab0840e798d3188c2567911cf5e7cd39d81bb7efe
SHA512

22f225a2670da9f248626e5fc59837ec06389b8614b1805865ae136d7405ed05e7ce309fdd4274c6dcee768373241b64d2e4be9b269d1bb173e5d4ce211d0398
SSDEEP

6144:dl1szEUBUAFqvViDYti59WvgEIvDZLgfbZwKyrfhTi/R+ZMhy3VPAPV1IK:NszEUBU7vsDypvPYDZLgfbZwJJTi/EyB

Score

10^/10

nanocore defense_evasion discovery keylogger persistence spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

PW Loader.exe

Resource

win11-20250217-en

nanocore defense_evasion discovery keylogger persistence spyware stealer trojan

windows11-21h2-x64

23 signatures

900 seconds

Malware Config

Targets

- Target
  
  PW Loader.exe
- Size
  
  353KB
- MD5
  
  56643e8d47bf957982131424f5813be5
- SHA1
  
  3a3f934194846aca94feb191711c310221013cc3
- SHA256
  
  fcf8b6406f92a604fa5f8972fc48e55c1790a63abbcb72811984e35515cdf058
- SHA512
  
  805f0252c41bee936f96f0584f393d84248dbe1ed8efbc71dd8a5b0246db55e5cfeaf1b50508e8517252bfe2f9a0e9f119a0fbb0d83f9e33714fd3ecc63ac69d
- SSDEEP
  
  6144:/2HTwL6csbaj/4vtvL33qzYti59EvgEINhclb/wjVbtzRup1JFD+wMoxrM:/76c4pH8yBvPKC/wjVbt0hFDfPxrM
Score

10^/10

nanocore defense_evasion discovery keylogger persistence spyware stealer trojan
- NanoCore
  NanoCore is a remote access tool (RAT) with a variety of capabilities.
  keylogger trojan stealer spyware nanocore
- Nanocore family
  nanocore
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  defense_evasion trojan
- Obfuscated Files or Information: Command Obfuscation
  Adversaries may obfuscate content during command execution to impede detection.
  defense_evasion
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Defense Evasion

Modify Registry

Obfuscated Files or Information

Command Obfuscation

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

nanocoredefense_evasiondiscoverykeyloggerpersistencespywarestealertrojan

© 2018-2025

Terms | Privacy