General

  • Target

    fbea50770dca0d364d24701e422e9f452cdfe1058e8af664bd25a4e491d4c419

  • Size

    1.9MB

  • Sample

    220521-xclgnaegaq

  • MD5

    6d6cf3ccf592e019f0ba167c890a24bd

  • SHA1

    7e2b6eff9c83bee0f898fed3ae09b671bf0ea4ab

  • SHA256

    fbea50770dca0d364d24701e422e9f452cdfe1058e8af664bd25a4e491d4c419

  • SHA512

    666a1e4cca11b53b28a981317c6a67cfe8a0f4878bf3efae7e9aa957c2aea8d892321f7f048baf1209a1372d3b096f5b35a61e09e85b34cdf116ac75d5e02a61

Malware Config

Extracted

Family

nanocore

Version

1.2.2.0

C2

u852117.nvpn.so:5638

comcasted.duckdns.org:5638

Mutex

c2752564-42a0-44a1-9f65-f38d35e9ab26

Attributes
  • activate_away_mode

    true

  • backup_connection_host

    comcasted.duckdns.org

  • backup_dns_server

    8.8.4.4

  • buffer_size

    65535

  • build_time

    2019-12-31T14:52:32.548938136Z

  • bypass_user_account_control

    true

  • bypass_user_account_control_data

  • clear_access_control

    true

  • clear_zone_identifier

    false

  • connect_delay

    4000

  • connection_port

    5638

  • default_group

    comcasted

  • enable_debug_mode

    true

  • gc_threshold

    1.048576e+07

  • keep_alive_timeout

    30000

  • keyboard_logging

    false

  • lan_timeout

    2500

  • max_packet_size

    1.048576e+07

  • mutex

    c2752564-42a0-44a1-9f65-f38d35e9ab26

  • mutex_timeout

    5000

  • prevent_system_sleep

    false

  • primary_connection_host

    u852117.nvpn.so

  • primary_dns_server

    8.8.8.8

  • request_elevation

    true

  • restart_delay

    5000

  • run_delay

    0

  • run_on_startup

    true

  • set_critical_process

    true

  • timeout_interval

    5000

  • use_custom_dns_server

    false

  • version

    1.2.2.0

  • wan_timeout

    8000

Targets

    • Target

      LIST_OF_.EXE

    • Size

      1.4MB

    • MD5

      65a0b315738fd8a5f7549cdbdea0e856

    • SHA1

      c0debf9f9bd13912910863aef3ef869c20b80ab4

    • SHA256

      c5fb8844494411c36592bfa4a33e2d47daa7d01f52a6e12632f7865eb3f49024

    • SHA512

      be4c41ed6a5faa5bede056d9a79ea716046e9a92f74d053796e0f382c6587e75d06eed6f290d0cef7f43c385ff3fd3b3dd87ce80550e71f4533682e4f4735684

MITRE ATT&CK Matrix

Tasks