General
-
Target
PO-13916654658867654342003.z
-
Size
305KB
-
Sample
211021-d7bfdshgf5
-
MD5
b29af063776d1bb6382261b5ea4344ed
-
SHA1
e72eb9aac567ec0927aae4ef870867fe11e473c8
-
SHA256
72aa6b57a853c9e9c39833e16e5a2dca88847e27cfe10d57175990b20555a894
-
SHA512
be010fe9f10365b153c91930b573965a5d579bc08f2e10dd4797860091e0297eff285767270e722ac14adae17660bd4eb6ba85d9b964e824f911094d577c8509
Static task
static1
Behavioral task
behavioral1
Sample
PO-13916654658867654342003.exe
Resource
win7-en-20210920
Malware Config
Extracted
nanocore (family)
1.2.2.0 (version; matches the version field below)
185.157.160.229:60006 (primary C2 — primary_connection_host + connection_port)
neoncorex.duckdns.org:60006 (backup C2 — backup_connection_host on a dynamic-DNS domain, so the IP it resolves to may change)
1d5c6a3e-60c1-4684-aee7-fbdc0338bfa0 (same GUID as the mutex field below)
-
activate_away_mode
true
-
backup_connection_host
neoncorex.duckdns.org
-
backup_dns_server
8.8.4.4
-
buffer_size
65535
-
build_time
2021-07-29T18:43:26.772131836Z
-
bypass_user_account_control
true
-
bypass_user_account_control_data
-
clear_access_control
true
-
clear_zone_identifier
true (note: if honored, the Zone.Identifier / Mark-of-the-Web stream is stripped, so MOTW-based detection cannot be relied on for this sample)
-
connect_delay
4000
-
connection_port
60006
-
default_group
NANOSHIELD
-
enable_debug_mode
true
-
gc_threshold
10485760 (10 MiB; the report renders this as 1.048576e+07)
-
keep_alive_timeout
30000
-
keyboard_logging
false
-
lan_timeout
2500
-
max_packet_size
10485760 (10 MiB; the report renders this as 1.048576e+07)
-
mutex
1d5c6a3e-60c1-4684-aee7-fbdc0338bfa0
-
mutex_timeout
5000
-
prevent_system_sleep
true
-
primary_connection_host
185.157.160.229
-
primary_dns_server
8.8.8.8
-
request_elevation
true
-
restart_delay
5000
-
run_delay
0
-
run_on_startup
true
-
set_critical_process
true (IR note: if the flag is honored, terminating the process crashes the host — suspend it or clear the critical flag before killing)
-
timeout_interval
5000
-
use_custom_dns_server
false
-
version
1.2.2.0
-
wan_timeout
8000
Targets
-
-
Target
PO-13916654658867654342003.exe
-
Size
574KB
-
MD5
7ae160bfca29e0c7c3fb4a98a29b32d7
-
SHA1
49d5ca7f388c754d7f8a2723f154cf04a849487c
-
SHA256
f18fe72903701dbb74e8c8baadac476f740cd30fb6643e79a2320d168e7835c6
-
SHA512
1f7fe7428879702e4cac93e0fbd7075dd6839835b877bf075f5538c2593fee51352ca15bec7e811b64a8349d03669b11b1ae38933a071d6fb6c9655b77452713
-
Executes dropped EXE
-
Suspicious use of SetThreadContext (commonly a step in process hollowing / thread-hijack injection; confirm the target process from the behavioral trace, which is not shown here)
-