NanoCore

Creation of a RAT with Nanocore software: Step by Step guide

CREATE A RAT WITH NANOCORE

Nanocore is the last utility in our selection. This happens to be one of the easiest to use.

Step 1: Listening to the port

Once the software has started, you just have to go to the “Network” section to add the new port. Once done, click on your port and on “enable”.

Step 2: Configuring the RAT

Once you have listened to your port, all you have to do is go to the “Builder” section, which allows you to create your RAT.

First, you must go to the “Primary Connection” section and fill in the requested fields. Host being the domain name of your No-IP account, the same goes for the port (Convert your IP to a fixed IP). By default, the software will have already filled in a few sections such as creating an icon, a message as soon as the user launches the software, etc.

Step 3: Contaminate your victim and control them

Once your RAT has been created, your target will have to launch it (by email, USB key, several methods exist). Nothing will happen to the user. On the other hand, for you in the “Customer” section something new will appear! You will see in a list, all the victims who have been infected. With a right click you will then have access to many options (turn on the webcam etc.).

What is NanoCore RAT

NanoCore RAT appeared nearly a decade ago and remains one of the most popular RAT families; several versions have appeared since then. NanoCore RAT is a modular malware that supports plugins to extend its functionality. Basic plugins offer remote monitoring via remote desktop, webcam monitor, audio capture, and more.

Additional plugins have been used for cryptocurrency mining, ransomware attacks, credential theft, and more.

NanoCore RAT is delivered via phishing emails containing .doc macros that load a NanoCore binary with fileless infection techniques.

NanoCore communicates over a custom protocol over TCP and uses the DES algorithm with a hard-coded key and IV value to encrypt the communication between the bot and its C&C server. The communication packet begins with a data length of 4 bytes followed by DES encrypted data of that length.
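The framing described above can serve as a network-triage heuristic. The following is an added example, not code from the original page or from any vendor: it splits a reassembled TCP payload into length-prefixed frames and checks that each body is a multiple of the 8-byte DES block size. The little-endian length field, the 1 MiB frame cap and all sample bytes are assumptions made for the example.

```python
import struct

DES_BLOCK = 8            # DES ciphertext is always a multiple of 8 bytes
MAX_FRAME = 1 << 20      # assumed sanity bound on one frame, not from the page


def split_frames(stream: bytes, byteorder: str = "<"):
    """Split a reassembled TCP payload into length-prefixed frame bodies.

    byteorder "<" (little-endian) is an assumption. Returns (frames, leftover);
    leftover is the unparsed tail: an incomplete frame, or data that does
    not follow the framing at all.
    """
    frames, off = [], 0
    while off + 4 <= len(stream):
        (length,) = struct.unpack_from(byteorder + "I", stream, off)
        if length == 0 or length > MAX_FRAME or length % DES_BLOCK:
            break                       # not a plausible DES-encrypted frame
        if off + 4 + length > len(stream):
            break                       # frame truncated by the capture
        frames.append(stream[off + 4 : off + 4 + length])
        off += 4 + length
    return frames, stream[off:]


def looks_like_framing(stream: bytes, min_frames: int = 2) -> bool:
    """Heuristic: the whole stream parses as >= min_frames valid frames."""
    frames, leftover = split_frames(stream)
    return len(frames) >= min_frames and not leftover


def _frame(body: bytes) -> bytes:
    return struct.pack("<I", len(body)) + body


# Constructed sample data (not real NanoCore traffic): opaque 8-byte-aligned
# bodies standing in for ciphertext, plus an HTTP request as a negative case.
SAMPLE_MATCH = _frame(bytes(range(16))) + _frame(bytes(range(40)))
SAMPLE_HTTP = b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"
SAMPLE_TRUNCATED = SAMPLE_MATCH[:-5]

if __name__ == "__main__":
    for name, data in [("match", SAMPLE_MATCH), ("http", SAMPLE_HTTP),
                       ("truncated", SAMPLE_TRUNCATED)]:
        frames, rest = split_frames(data)
        print(name, len(frames), len(rest), looks_like_framing(data))
```

A match on framing alone is a weak signal, since other protocols also use a 4-byte length prefix; use it to shortlist flows for endpoint investigation rather than as a verdict.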

Possible detections targeting this Trojan RAT family:

  • Backdoor.NanoCore (Malwarebytes)
  • MSIL:NanoCore-B Trj (Avast!/AVG)
  • Backdoor:MSIL/Nanocore (Microsoft)
  • MSIL/NanoCore (NOD32)
  • Trojan.Nanocore (Dr.Web)
  • Backdoor:MSIL/Noancooe

How to remove NanoCore for free

Remove NanoCore with MBAM

  • Download then install Malwarebytes Anti-Malware
  • Follow the prompts to complete the initial configuration
  • Then run a quick scan by clicking the Scan button
  • At the end of the scan, delete all detected threats
  • Finally, restart your PC if MBAM asks for it

Remove NanoCore with RogueKiller

  • Download then install RogueKiller
  • Run a virus scan of the PC by clicking on the Scan button
  • Let the scan run; it will take some time
  • Finally, remove all detected threats

Remove NanoCore with NOD32

  • Download then run esetonelinescanner.exe
  • Follow the prompts to set up the online analysis, then activate the detection of PUAs (Potentially Unwanted Applications)
  • The NOD32 analysis then runs; it also takes a long time, so wait for it to finish
  • Finally, place all detected items in quarantine

How to protect your PC from viruses

You can remove the programs you used. If you wish, you can keep Malwarebytes Anti-Malware to perform regular scans.

Remove AdwCleaner and ZHPCleaner; there is no point in keeping them for regular scans.

It is strongly advised to change all your passwords (Facebook, online games, emails, etc.).
