NanoDump is a tool designed to decrypt NanoCore RAT configurations and extract all associated plugins for malware analysis.
Tool to decrypt the configuration of NanoCore and dump all used plugins
This tool is primarily used by incident responders and malware analysts to analyze NanoCore RAT samples by decrypting their configurations and dumping embedded plugins. It helps in understanding the malware's behavior and capabilities by extracting its components from packed samples.
Most NanoCore samples are packed, so users should first dump the sample using tools like HollowsHunter before running NanoDump. Using the precompiled binaries is recommended for ease of use, but compiling from source is also supported.
Clone or download the repository from GitHub
Compile the source code to generate NanoDecrypt.exe or use the precompiled binary from bin/debug
Ensure you have a dumped NanoCore sample before using the tool
Optionally use HollowsHunter to dump packed samples prior to analysis
NanoDecrypt.exe NanoCore.exe C:\Users\Vladimir\Desktop\NanoCore
Decrypts the configuration of the dumped NanoCore executable given as the first argument (NanoCore.exe) and dumps all used plugins to the directory given as the second argument