NANOCORE


 PLATFORM:

Windows

 OVERALL RISK RATING:
 DAMAGE POTENTIAL:
 DISTRIBUTION POTENTIAL:
 REPORTED INFECTION:
 INFORMATION EXPOSURE:

  • Threat Type: Trojan

  • Destructiveness: No

  • Encrypted:

  • In the wild: Yes

  OVERVIEW


NanoCore is a remote access trojan (RAT) first discovered in 2013, being sold in underground forums. The malware has a variety of functions including keylogging, password stealing that can remotely pass along data to the malware operator, ability to tamper and view footage from webcams, screen locking, download and theft of files, among others.

We have observed some NanoCore variants being spread through malicious documents. Some also use an interesting technique to keep the malware's processes running and prevent the victims from manually killing the processes.

It is capable of the following:

  • Information theft

  • Backdoor commands

  • Exploits

  • Disabling usage

A typical NanoCore infection is below: