f866833ab442929e34536a128184bceafe1715499777a61244323551742bf4ee

General
Target

f866833ab442929e34536a128184bceafe1715499777a61244323551742bf4ee

Size

2MB

Sample

220521-xb94maefhm

Score
10/10
MD5

4c0b0a3028dcb0cb3015b4691c64c0b2

SHA1

f8726da87ee112ed109245c39c8401678127e039

SHA256

f866833ab442929e34536a128184bceafe1715499777a61244323551742bf4ee

SHA512

0b00559673d934c6015ed6b698aeec9e66df155de25b6b6ee3e8dd4729ebedcd65b55b7beb7a2d0d667adacffa610692c9616ded900b14b06a468a0f2602a1c3

Malware Config

Extracted

Family nanocore
Version 1.2.2.0
C2

u852117.nvpn.so:5638

comcasted.duckdns.org:5638

Attributes

activate_away_mode: true
backup_connection_host: comcasted.duckdns.org
backup_dns_server: 8.8.4.4
buffer_size: 65535
build_time: 2019-12-31T14:52:32.548938136Z
bypass_user_account_control: true
bypass_user_account_control_data:
clear_access_control: true
clear_zone_identifier: false
connect_delay: 4000
connection_port: 5638
default_group: comcasted
enable_debug_mode: true
gc_threshold: 10485760
keep_alive_timeout: 30000
keyboard_logging: false
lan_timeout: 2500
max_packet_size: 10485760
mutex: c2752564-42a0-44a1-9f65-f38d35e9ab26
mutex_timeout: 5000
prevent_system_sleep: false
primary_connection_host: u852117.nvpn.so
primary_dns_server: 8.8.8.8
request_elevation: true
restart_delay: 5000
run_delay: 0
run_on_startup: true
set_critical_process: true
timeout_interval: 5000
use_custom_dns_server: false
version: 1.2.2.0
wan_timeout: 8000
Targets
Target

ENQUIRY_.EXE

MD5

a2301e5f6bb76e888d242c4a6a49af47

Filesize

1MB

Score
10/10
SHA1

680dd9446633c37b09e2bc0542d86628ececc397

SHA256

51b15f2f55025fe7eff1ee4a4f5a2bedc616f3e0fc678a01a108d52c41e693ec

SHA512

4fe8ddb24f2ddc44250f8efeb72c556559c5568808cc310bc6154da705405044071416ed2d5ee263b4a209ab1f864bd3f2d14493553d370c8666d652328e5fe6

Tags

Signatures

  • NanoCore

    Description

    NanoCore is a remote access tool (RAT) with a variety of capabilities.

    Tags

  • Drops startup file

  • Suspicious use of SetThreadContext

Related Tasks

MITRE ATT&CK Matrix

Collection, Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation

Tasks

static1

5/10