General
-
Target
53c14813f2418066afe42f028670aecc.exe
-
Size
425KB
-
Sample
200716-ke2zxey222
-
MD5
53c14813f2418066afe42f028670aecc
-
SHA1
25fa1ae027ee1a35922c5657fff2c929d99307b5
-
SHA256
777fba538036151ad62b324ca054357052c7e2bdbc6105c304cbd05cd61ee67f
-
SHA512
631ae2a2c65a6d38f7c9ae9276eb9469d0436983f4196264bbf2600cc0be753ecbfd573a8594ea3d8798b381d97eb2501566d7a1f9b1bc5f34d9b9774aebea39
Static task
static1
Behavioral task
behavioral1
Sample
53c14813f2418066afe42f028670aecc.exe
Resource
win7v200430
Malware Config
Extracted
Family: nanocore
Version: 1.2.2.0
C2 (primary_connection_host:connection_port): netccwomo.duckdns.org:9090
Mutex: aca6b6c5-7baa-4946-a12a-593d7d8be7b5
-
activate_away_mode
true
-
backup_connection_host
netccwomo.duckdns.org
-
backup_dns_server
8.8.4.4
-
buffer_size
65535
-
build_time
2020-04-12T15:18:35.106129436Z
-
bypass_user_account_control
true
-
bypass_user_account_control_data
(no value recorded in this report)
-
clear_access_control
true
-
clear_zone_identifier
false
-
connect_delay
4000
-
connection_port
9090
-
default_group
july
-
enable_debug_mode
true
-
gc_threshold
10485760 (1.048576e+07, i.e. 10 MiB)
-
keep_alive_timeout
30000
-
keyboard_logging
false
-
lan_timeout
2500
-
max_packet_size
10485760 (1.048576e+07, i.e. 10 MiB)
-
mutex
aca6b6c5-7baa-4946-a12a-593d7d8be7b5
-
mutex_timeout
5000
-
prevent_system_sleep
false
-
primary_connection_host
netccwomo.duckdns.org
-
primary_dns_server
8.8.8.8
-
request_elevation
true
-
restart_delay
5000
-
run_delay
0
-
run_on_startup
true
-
set_critical_process
true (if honoured, the implant marks its own process as critical; terminating it may crash the host, so suspend or isolate rather than kill during triage)
-
timeout_interval
5000
-
use_custom_dns_server
false
-
version
1.2.2.0
-
wan_timeout
8000
Targets
-
-
Target
53c14813f2418066afe42f028670aecc.exe
-
Size
425KB
-
MD5
53c14813f2418066afe42f028670aecc
-
SHA1
25fa1ae027ee1a35922c5657fff2c929d99307b5
-
SHA256
777fba538036151ad62b324ca054357052c7e2bdbc6105c304cbd05cd61ee67f
-
SHA512
631ae2a2c65a6d38f7c9ae9276eb9469d0436983f4196264bbf2600cc0be753ecbfd573a8594ea3d8798b381d97eb2501566d7a1f9b1bc5f34d9b9774aebea39
-
Drops startup file (persistence; consistent with run_on_startup = true in the extracted config)
-
Suspicious use of SetThreadContext (an API commonly used for process hollowing / code injection; look for a child process whose thread context was rewritten)
-