NanoCore

Malware updated 6 months ago (2024-06-03T16:17:35.667Z)
NanoCore is a notorious Remote Access Trojan (RAT) first discovered in 2013. It targets Windows operating system users and operates by opening a backdoor on an infected computer to steal information.

NanoCore has maintained a top five position for six consecutive months, taking the third spot in December. It was among the most prevalent malware families last month, with a global impact of 1%, following FakeUpdates and Formbook, which impacted 2% of worldwide organizations.

In a recent attack scenario, NanoCore was deployed alongside Remcos by GuLoader. The malware downloaded encoded data from the "nanoshield.pro/files" URL, reversed the data, replaced the specific string "DgTre", and employed "RegAsm" to proxy the execution of NanoCore. Additionally, the plugin files downloaded from the C2 server included VenomRAT version 6, Remcos, XWorm, NanoCore, and a stealer designed for specific crypto wallets. In December, the BunnyLoader payload was delivered as a follow-up payload to a NanoCore infection using a novel .NET injector. The final payload was a dropper Trojan known as Win.Dropper.Nanocore-10011208-0 (Dropper Nanocore), a .NET remote access trojan that installs the NanoCore RAT. These cases show the multi-stage nature of attacks involving NanoCore and its persistence as a threat.
Description last updated: 2024-06-03T16:17:03.219Z
Aliases
We are not currently tracking any aliases
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Rat
Malware
Trojan
Payload
Crypter
Associated Malware
Alias Description: The Redline Malware is associated with NanoCore. RedLine is a type of malware, a malicious software designed to exploit and damage computer systems. It often infiltrates systems through suspicious downloads, emails, or websites and can steal personal information, disrupt operations, or hold data for ransom. RedLine has been favored by threat actor
Association Type: Unspecified
Votes: 4

Alias Description: The njRAT Malware is associated with NanoCore. NjRAT is a remote-access Trojan (RAT) that has been in use since 2013, often deployed in both criminal and targeted attacks. This malware can infiltrate systems via suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside a system, NjRAT can steal personal information, d
Association Type: Unspecified
Votes: 3

Alias Description: The Agenttesla Malware is associated with NanoCore. AgentTesla is a well-known Remote Access Trojan (RAT) and infostealer malware that has been used in numerous cyber-attacks. It is often delivered through malicious emails or downloads, and once inside a system, it can steal personal information, disrupt operations, or even hold data hostage for rans
Association Type: Unspecified
Votes: 2
Source Document References
Information about the NanoCore Malware was read from the documents corpus below.