General
-
Target
ca84f77039489d18592d549727cb363c559b16d17af6202385b5163c4c37972d
-
Size
452KB
-
Sample
220521-bjkcaabhf3
-
MD5
575eb7c48544813dfe86227ef14b0391
-
SHA1
7c16912eec44a6cb87014e0bca4c5346af569963
-
SHA256
ca84f77039489d18592d549727cb363c559b16d17af6202385b5163c4c37972d
-
SHA512
a904dbacf5357346d17670ad91cd8d3eedc0ff1c71d8af6e713847bfe48fbbdcab51de233bc8e1ef4b026d11049014760f5de907865097e4eae182a10251a479
Malware Config
Extracted
nanocore
1.2.2.0
185.244.30.128:4050
9baae9bf-6845-44fb-b19d-00e3ef120a2a
-
activate_away_mode
true
- backup_connection_host
-
backup_dns_server
8.8.4.4
-
buffer_size
65535
-
build_time
2020-03-27T08:47:15.500150836Z
-
bypass_user_account_control
true
- bypass_user_account_control_data
-
clear_access_control
true
-
clear_zone_identifier
false
-
connect_delay
4000
-
connection_port
4050
-
default_group
face
-
enable_debug_mode
true
-
gc_threshold
1.048576e+07
-
keep_alive_timeout
30000
-
keyboard_logging
false
-
lan_timeout
2500
-
max_packet_size
1.048576e+07
-
mutex
9baae9bf-6845-44fb-b19d-00e3ef120a2a
-
mutex_timeout
5000
-
prevent_system_sleep
false
-
primary_connection_host
185.244.30.128
-
primary_dns_server
8.8.8.8
-
request_elevation
true
-
restart_delay
5000
-
run_delay
0
-
run_on_startup
true
-
set_critical_process
true
-
timeout_interval
5000
-
use_custom_dns_server
false
-
version
1.2.2.0
-
wan_timeout
8000
Targets
-
-
Target
ORDER-5900.exe
-
Size
728KB
-
MD5
6c44ccd3a852a5d1d43ed5d3387447ac
-
SHA1
49ee48a6d3d81c22df6ca41aaeac61c4469b9437
-
SHA256
cea1d36e04dc9357211734f659dfe352056afc40779ee251fee4e72ceec619bf
-
SHA512
440bc2b4748a3d4e023979b23c2637892cbb595b8493970f814f1d45942dc2105b50911e8a0ec2916ed7866958b08885b86e5839b1fdc7ecd69c4643d03592fd
Score10/10-
NanoCore
NanoCore is a remote access tool (RAT) with a variety of capabilities.
-
Checks whether UAC is enabled
-
Suspicious use of SetThreadContext
-