9973ff08337e84d15ceaa51863c1b0c26fd6c31c51a76916174410eb077cde6f

General

Target: 9973ff08337e84d15ceaa51863c1b0c26fd6c31c51a76916174410eb077cde6f
Size: 1MB
Sample: 220521-xbchcsefcn
Score: 10/10
MD5: 9fd04b84f91d61efbc538a9a309e8e11
SHA1: 31e944a9ba467f308d39df3342db5b614b75f478
SHA256: 9973ff08337e84d15ceaa51863c1b0c26fd6c31c51a76916174410eb077cde6f
SHA512: 526540611f29e2f1188c8c96e7c0eb55e547921c040f6ebda3c59bec00ef36766eb2d716714a2de4d8f4dfc381bf3dc006fafb7f7c822b79cf53296cb1e611ef

Malware Config

Extracted

Family: nanocore
Version: 1.2.2.0
C2: u852121.nvpn.to:3410

Attributes

activate_away_mode: true
backup_connection_host: u852121.nvpn.to
backup_dns_server: 8.8.4.4
buffer_size: 65535
build_time: 2020-03-29T22:15:11.322294736Z
bypass_user_account_control: true
bypass_user_account_control_data:
clear_access_control: true
clear_zone_identifier: false
connect_delay: 4000
connection_port: 3410
default_group: usp
enable_debug_mode: true
gc_threshold: 1.048576e+07
keep_alive_timeout: 30000
keyboard_logging: false
lan_timeout: 2500
max_packet_size: 1.048576e+07
mutex: 6600ee3d-9113-495f-9807-2cbadaeabc68
mutex_timeout: 5000
prevent_system_sleep: false
primary_connection_host: u852121.nvpn.to
primary_dns_server: 8.8.8.8
request_elevation: true
restart_delay: 5000
run_delay: 0
run_on_startup: true
set_critical_process: true
timeout_interval: 5000
use_custom_dns_server: false
version: 1.2.2.0
wan_timeout: 8000
Targets

Target: USPS.EXE
MD5: 2b88bb3a1dc7d15f7ee00323f4d8f142
Filesize: 1MB
Score: 10/10
SHA1: 920e2fadf1372cd0d0f0c5f086d18a7eda79587f
SHA256: 944b633d92799fe6aeefae5de7945b6b0b69020ed669d9d7e68ebd80868771e6
SHA512: 445fa6eb36f0e7748a8e803819a11df1905076ef0b0d33c431aef26b35997df774bd3a46eac04f9be8a4f78550f1f99384bef0589490637fee529fecc84aab0e
Tags:

Signatures

  • NanoCore
    Description: NanoCore is a remote access tool (RAT) with a variety of capabilities.
    Tags:

  • Drops startup file

  • Suspicious use of SetThreadContext

Related Tasks

MITRE ATT&CK Matrix

Columns: Collection, Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation

Tasks

static1: 5/10