Overview

overview

10

Static

static

8576609ec1...f3.exe

windows7-x64

10

8576609ec1...f3.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    8576609ec13f27b0481917747aaefbf3.exe

  • Size

    317KB

  • Sample

    220912-jxn7dscgg9

  • MD5

    8576609ec13f27b0481917747aaefbf3

  • SHA1

    d3c229e3f3c330d8f43c267852b6157cf0871cc3

  • SHA256

    da08e1b296f69bb0b0a8c04c134fe850783c092342da54a3fb28f2d55c6efcce

  • SHA512

    5df58994094fc0d5601bd87eadaa99010fb33e96ccc7ad7b4e01732a6565fe3f87c96bd658e3a40093e35b1b45ec3ef64c53a82c6a7ff744268d58da68abcabb

  • SSDEEP

    6144:DJ1Rp3Y2NFlrTUNJPfORc6P30tHOemJshORvOvkM0DwrTcs0iCQQmqECSS+:Nyy2PKHPeOemJpRM0DwrTcsm/3SS+

Score
10/10
nanocorekeyloggerspywarestealertrojan

Malware Config

Extracted

Family

nanocore

Version

1.2.2.0

C2

systen32.ddns.net:54980

office365update.duckdns.org:54980
Mutex

41b88ccb-be7c-4bd4-ae12-8d3a967819f0

Attributes
  • activate_away_mode

    true

  • backup_connection_host

    office365update.duckdns.org

  • backup_dns_server

    8.8.4.4

  • buffer_size

    65535

  • build_time

    2018-09-17T20:29:45.244980036Z

  • bypass_user_account_control

    true

  • bypass_user_account_control_data

  • clear_access_control

    true

  • clear_zone_identifier

    true

  • connect_delay

    4000

  • connection_port

    54980

  • default_group

    ****|*****

  • enable_debug_mode

    true

  • gc_threshold

    1.048576e+07

  • keep_alive_timeout

    30000

  • keyboard_logging

    false

  • lan_timeout

    2500

  • max_packet_size

    1.048576e+07

  • mutex

    41b88ccb-be7c-4bd4-ae12-8d3a967819f0

  • mutex_timeout

    5000

  • prevent_system_sleep

    true

  • primary_connection_host

    systen32.ddns.net

  • primary_dns_server

    8.8.8.8

  • request_elevation

    true

  • restart_delay

    5000

  • run_delay

    0

  • run_on_startup

    true

  • set_critical_process

    true

  • timeout_interval

    5000

  • use_custom_dns_server

    false

  • version

    1.2.2.0

  • wan_timeout

    8000

Targets

    • Target

      8576609ec13f27b0481917747aaefbf3.exe

    • Size

      317KB

    • MD5

      8576609ec13f27b0481917747aaefbf3

    • SHA1

      d3c229e3f3c330d8f43c267852b6157cf0871cc3

    • SHA256

      da08e1b296f69bb0b0a8c04c134fe850783c092342da54a3fb28f2d55c6efcce

    • SHA512

      5df58994094fc0d5601bd87eadaa99010fb33e96ccc7ad7b4e01732a6565fe3f87c96bd658e3a40093e35b1b45ec3ef64c53a82c6a7ff744268d58da68abcabb

    • SSDEEP

      6144:DJ1Rp3Y2NFlrTUNJPfORc6P30tHOemJshORvOvkM0DwrTcs0iCQQmqECSS+:Nyy2PKHPeOemJpRM0DwrTcsm/3SS+

    Score
    10/10
    nanocorekeyloggerspywarestealertrojan
    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks