General

  • Target

    812-63-0x0000000000400000-0x0000000000438000-memory.dmp

  • Size

    224KB

  • Sample

    220912-j5p4nagfcq

  • MD5

    a529a3ac6fa71f1eafd74b4f41d78165

  • SHA1

    9dc158a3a889c434d2d48cc04d949034b282db38

  • SHA256

    1a6d74781de19e2fded570e5c955a8a9cb2721a254605dd6ee9ff0eb5cc2f844

  • SHA512

    d043abe4c3f18233c0d64b669a359fac1058aa3877a1d1757d9981d313084b75a83abb288d4b104c9e1471b73c426639b3d85a039e455f50981dec4520b72b8c

  • SSDEEP

    6144:iLV6Bta6dtJmakIM50ch5V7lyc3E96/evBaLH8QA:iLV6BtpmkWv7l/y62ajBA

Score
10/10

Malware Config

Extracted

Family

nanocore

Version

1.2.2.0

C2

systen32.ddns.net:54980

office365update.duckdns.org:54980

Mutex

41b88ccb-be7c-4bd4-ae12-8d3a967819f0

Attributes
  • activate_away_mode

    true

  • backup_connection_host

    office365update.duckdns.org

  • backup_dns_server

    8.8.4.4

  • buffer_size

    65535

  • build_time

    2018-09-17T20:29:45.244980036Z

  • bypass_user_account_control

    true

  • bypass_user_account_control_data

  • clear_access_control

    true

  • clear_zone_identifier

    true

  • connect_delay

    4000

  • connection_port

    54980

  • default_group

    ****|*****

  • enable_debug_mode

    true

  • gc_threshold

    1.048576e+07

  • keep_alive_timeout

    30000

  • keyboard_logging

    false

  • lan_timeout

    2500

  • max_packet_size

    1.048576e+07

  • mutex

    41b88ccb-be7c-4bd4-ae12-8d3a967819f0

  • mutex_timeout

    5000

  • prevent_system_sleep

    true

  • primary_connection_host

    systen32.ddns.net

  • primary_dns_server

    8.8.8.8

  • request_elevation

    true

  • restart_delay

    5000

  • run_delay

    0

  • run_on_startup

    true

  • set_critical_process

    true

  • timeout_interval

    5000

  • use_custom_dns_server

    false

  • version

    1.2.2.0

  • wan_timeout

    8000

Targets

    • Target

      812-63-0x0000000000400000-0x0000000000438000-memory.dmp

    • Size

      224KB

    • MD5

      a529a3ac6fa71f1eafd74b4f41d78165

    • SHA1

      9dc158a3a889c434d2d48cc04d949034b282db38

    • SHA256

      1a6d74781de19e2fded570e5c955a8a9cb2721a254605dd6ee9ff0eb5cc2f844

    • SHA512

      d043abe4c3f18233c0d64b669a359fac1058aa3877a1d1757d9981d313084b75a83abb288d4b104c9e1471b73c426639b3d85a039e455f50981dec4520b72b8c

    • SSDEEP

      6144:iLV6Bta6dtJmakIM50ch5V7lyc3E96/evBaLH8QA:iLV6BtpmkWv7l/y62ajBA

    Score
    1/10
