NanoCore

Malware updated 3 months ago (2024-06-03T16:17:35.667Z)
NanoCore is a notorious Remote Access Trojan (RAT) first discovered in 2013. It targets Windows users and opens a backdoor on an infected computer to steal information. NanoCore has maintained a top-five position for six consecutive months, taking the third spot in December. It was among the most prevalent malware families last month, with a global impact of 1%, following FakeUpdates and Formbook, which impacted 2% of worldwide organizations. In a recent attack scenario, NanoCore was deployed alongside Remcos by GuLoader. The malware downloaded encoded data from the “nanoshield.pro/files” URL, reversed the data, replaced the specific string “DgTre,” and employed “RegAsm” to proxy the execution of NanoCore. Additionally, the plugin files downloaded from the C2 server included VenomRAT version 6, Remcos, XWorm, NanoCore, and a stealer designed for specific crypto wallets. In December, BunnyLoader was delivered as a follow-up payload to a NanoCore infection using a novel .NET injector. The final payload was a dropper Trojan known as Win.Dropper.Nanocore-10011208-0 Dropper Nanocore, a .NET remote access trojan that installs the NanoCore RAT. These cases show the multi-stage nature of attacks involving NanoCore and its persistence as a threat.
Description last updated: 2024-06-03T16:17:03.219Z
Aliases: We are not currently tracking any aliases.
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Rat
Malware
Trojan
Payload
Crypter
Associated Malware
ID | Type | Votes | Profile Description
Redline | Unspecified | 4 | RedLine is a notorious malware that has been widely used by cybercriminals to steal sensitive information. This malicious software infiltrates systems through suspicious downloads, emails, or websites and can cause significant damage by stealing personal data or disrupting operations. RedLine's conf
njRAT | Unspecified | 3 | NjRAT is a remote-access Trojan (RAT) that has been prevalent in both criminal and targeted attacks since as early as 2013. It is part of a suite of RATs used by attackers, including Remcos, AsyncRAT, Lime-RAT, Quasar RAT, BitRAT, among others. These malicious programs are typically customized for e
Agenttesla | Unspecified | 2 | AgentTesla is a well-known remote access trojan (RAT) that has been used extensively in cybercrime operations. It infiltrates systems through various methods, including malicious emails and suspicious downloads. Once inside, it can steal personal information, disrupt operations, or hold data hostage
Source Document References
Information about the NanoCore Malware was read from the documents corpus below.
Source | Created | Title
Checkpoint | 3 months ago | Inside the Box: Malware’s New Playground - Check Point Research
Fortinet | 5 months ago | ScrubCrypt Deploys VenomRAT with an Arsenal of Plugins | FortiGuard Labs
Unit42 | 6 months ago | Inside the Rabbit Hole: BunnyLoader 3.0 Unveiled
CERT-EU | 8 months ago | December 2023's Most Wanted Malware : The Resurgence of Qbot and FakeUpdates – Global Security Mag Online
CERT-EU | a year ago | Threat Roundup for October 13 to October 20
CERT-EU | a year ago | New Attack Alert: Freeze[.]rs Injector Weaponized for XWorm Malware Attacks
Fortinet | a year ago | Attackers Distribute Malware via Freeze.rs And SYK Crypter | FortiGuard Labs
CERT-EU | a year ago | New Attack Drops LokiBot Malware Via Malicious Macros in Word Docs
CERT-EU | a year ago | Threat Roundup for June 9 to June 16
CERT-EU | a year ago | New Version of Guloader Delivers Encrypted Cloud-Based Payloads
Secureworks | 2 years ago | DarkTortilla Malware Analysis
CERT-EU | a year ago | Threat Roundup for June 2 to June 9
MITRE | 2 years ago | The Gorgon Group: Slithering Between Nation State and Cybercrime
MITRE | 2 years ago | Elfin: Relentless Espionage Group Targets Multiple Organizations in Saudi Arabia and U.S.
MITRE | 2 years ago | NanoCoreRAT Behind an Increase in Tax-Themed Phishing E-mails
MITRE | 2 years ago | The NanoCore RAT Has Resurfaced From the Sewers - Cofense
Recorded Future | 2 years ago | 2022 Adversary Infrastructure Report