NanoCore is a second-stage malware classified as a remote access trojan (RAT) that helps attackers to perform remote code execution (RCE) on a compromised device.

Once installed, attackers can use it to perform various tasks, such as installing malicious files and establishing communication with a command-and-control (C2) server.

This trojan also attempts to run secondary objectives like data exfiltration and lateral movement.

For information about NanoCore and other human-operated malware campaigns, read these blog posts:

• Analysis of a targeted attack exploiting the WinRAR CVE-2018-20250 vulnerability
• Stopping Active Directory attacks and other post-exploitation behavior with AMSI and machine learning
• Zero Trust and its role in securing the new normal