General
-
Target
df5d1424b5dd4caca6d9ea8a92406821634a2449f3cb3c42a53140360cdb49f1
-
Size
270KB
-
Sample
220520-2r7qnafhd6
-
MD5
a5d6f8a68c2b8e00840e6a7727217584
-
SHA1
b2f0f68c3a6c38b84d5330b4e99626ec75b45c23
-
SHA256
df5d1424b5dd4caca6d9ea8a92406821634a2449f3cb3c42a53140360cdb49f1
-
SHA512
29bffb798504a1faea78eac1f36ba5dc5bc1f496a20c6cb5f70558e2a0c351477958062e71f7a6d866491dbfd54f6e578a93d5f0cf164c5d24a0b4e47bb4bea6
Malware Config
Extracted
nanocore
1.2.2.0
194.5.99.21:19515
127.0.0.1:19515
67804429-9250-4304-bc0e-3c5c0113c6bc
-
activate_away_mode
true
-
backup_connection_host
127.0.0.1
-
backup_dns_server
8.8.4.4
-
buffer_size
65535
-
build_time
2020-03-03T10:47:34.527608136Z
-
bypass_user_account_control
true
- bypass_user_account_control_data
-
clear_access_control
true
-
clear_zone_identifier
false
-
connect_delay
4000
-
connection_port
19515
-
default_group
May22
-
enable_debug_mode
true
-
gc_threshold
1.048576e+07
-
keep_alive_timeout
30000
-
keyboard_logging
false
-
lan_timeout
2500
-
max_packet_size
1.048576e+07
-
mutex
67804429-9250-4304-bc0e-3c5c0113c6bc
-
mutex_timeout
5000
-
prevent_system_sleep
false
-
primary_connection_host
194.5.99.21
-
primary_dns_server
8.8.8.8
-
request_elevation
true
-
restart_delay
5000
-
run_delay
0
-
run_on_startup
false
-
set_critical_process
true
-
timeout_interval
5000
-
use_custom_dns_server
false
-
version
1.2.2.0
-
wan_timeout
8000
Targets
-
-
Target
Urgent Quotation Request RFQ20202205 Short Delivery Preference.exe
-
Size
335KB
-
MD5
75250bd5c17ef8ef930881d75c5266cf
-
SHA1
acf4bc9e501bdb1fa3fef12e27dafb99606acda9
-
SHA256
3432874fb720b1dfb4e8325021377473de3b5811882cb563d4381ca4682ccbbb
-
SHA512
7efb35fe5772bf1ec8ea439ece77a7cfc013524c5101dc2a407191e1e754222735b34580ce60fc70fc40c9ada67336a512138c854dc166d64bdc59afc4fd33bc
Score10/10-
NanoCore
NanoCore is a remote access tool (RAT) with a variety of capabilities.
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
Suspicious use of SetThreadContext
-