General
-
Target
9973ff08337e84d15ceaa51863c1b0c26fd6c31c51a76916174410eb077cde6f
-
Size
1.8MB
-
Sample
220521-xbchcsefcn
-
MD5
9fd04b84f91d61efbc538a9a309e8e11
-
SHA1
31e944a9ba467f308d39df3342db5b614b75f478
-
SHA256
9973ff08337e84d15ceaa51863c1b0c26fd6c31c51a76916174410eb077cde6f
-
SHA512
526540611f29e2f1188c8c96e7c0eb55e547921c040f6ebda3c59bec00ef36766eb2d716714a2de4d8f4dfc381bf3dc006fafb7f7c822b79cf53296cb1e611ef
Malware Config
Extracted
nanocore
1.2.2.0
u852121.nvpn.to:3410
6600ee3d-9113-495f-9807-2cbadaeabc68
-
activate_away_mode
true
-
backup_connection_host
u852121.nvpn.to
-
backup_dns_server
8.8.4.4
-
buffer_size
65535
-
build_time
2020-03-29T22:15:11.322294736Z
-
bypass_user_account_control
true
- bypass_user_account_control_data
-
clear_access_control
true
-
clear_zone_identifier
false
-
connect_delay
4000
-
connection_port
3410
-
default_group
usp
-
enable_debug_mode
true
-
gc_threshold
1.048576e+07
-
keep_alive_timeout
30000
-
keyboard_logging
false
-
lan_timeout
2500
-
max_packet_size
1.048576e+07
-
mutex
6600ee3d-9113-495f-9807-2cbadaeabc68
-
mutex_timeout
5000
-
prevent_system_sleep
false
-
primary_connection_host
u852121.nvpn.to
-
primary_dns_server
8.8.8.8
-
request_elevation
true
-
restart_delay
5000
-
run_delay
0
-
run_on_startup
true
-
set_critical_process
true
-
timeout_interval
5000
-
use_custom_dns_server
false
-
version
1.2.2.0
-
wan_timeout
8000
Targets
-
-
Target
USPS.EXE
-
Size
1.3MB
-
MD5
2b88bb3a1dc7d15f7ee00323f4d8f142
-
SHA1
920e2fadf1372cd0d0f0c5f086d18a7eda79587f
-
SHA256
944b633d92799fe6aeefae5de7945b6b0b69020ed669d9d7e68ebd80868771e6
-
SHA512
445fa6eb36f0e7748a8e803819a11df1905076ef0b0d33c431aef26b35997df774bd3a46eac04f9be8a4f78550f1f99384bef0589490637fee529fecc84aab0e
Score10/10-
NanoCore
NanoCore is a remote access tool (RAT) with a variety of capabilities.
-
Drops startup file
-
Suspicious use of SetThreadContext
-