General

  • Target: tmp
  • Size: 202KB
  • Sample: 220920-y2ewvahhen
  • MD5: 4cedeb7f2bbb865949fac916f31ff5c6
  • SHA1: 23f459e090f237b419b33b331818b17ab805f768
  • SHA256: 37df56b4f26fcb210022abed5de5698854b8d0504c6305422ee2730ee06ead15
  • SHA512: c38c1f6b0c43b0546917fb5e3a60f922798120d9f870f5c9920ac199907663968a201c5ad0ed80b9621cd4d37d8e7b1d5dac7c76ee09000b78bb658ea86b7809

Malware Config

Extracted

  • Family: nanocore
  • Version: 1.2.2.0
  • C2: hamzzagolozar.loseyourip.com:14981

Attributes (one extracted configuration key per line; a key with no value is shown as empty)

  activate_away_mode: true
  backup_connection_host: (empty)
  backup_dns_server: 8.8.4.4
  buffer_size: 65535
  build_time: 2022-07-01T00:24:26.401438736Z
  bypass_user_account_control: true
  bypass_user_account_control_data: (empty)
  clear_access_control: true
  clear_zone_identifier: false
  connect_delay: 4000
  connection_port: 14981
  default_group: SEGUN
  enable_debug_mode: true
  gc_threshold: 10485760 (rendered by the extractor as 1.048576e+07)
  keep_alive_timeout: 30000
  keyboard_logging: false
  lan_timeout: 2500
  max_packet_size: 10485760 (rendered by the extractor as 1.048576e+07)
  mutex: f76e5199-b9b0-45ae-b449-2e38e6b112aa
  mutex_timeout: 5000
  prevent_system_sleep: false
  primary_connection_host: hamzzagolozar.loseyourip.com
  primary_dns_server: 8.8.8.8
  request_elevation: true
  restart_delay: 5000
  run_delay: 0
  run_on_startup: true
  set_critical_process: true
  timeout_interval: 5000
  use_custom_dns_server: false
  version: 1.2.2.0
  wan_timeout: 8000
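The extracted attributes above are only useful once they are turned into indicators and expectations about host behaviour. The following is an added worked example, not code from the sandbox or from this report: it parses a subset of the Attributes list in the report's own layout (key on one line, value on the next, an empty attribute followed directly by the next key), types the values, derives the C2 endpoint and mutex, and cross-checks them against the report's own C2 line. The helper names and the flag-to-behaviour mapping are my own; the DNS handling reflects that 8.8.8.8/8.8.4.4 only matter if use_custom_dns_server is set.

```python
"""Turn the NanoCore config extracted above into indicators and expected host behaviour.

Added worked example, not code from the sandbox or this report. CONFIG_TEXT is a subset
of the report's Attributes list in the report's own layout (key on one line, value on the
next, an empty attribute followed directly by the next key); helper names are my own.
"""
import re

CONFIG_TEXT = """\
backup_connection_host
backup_dns_server
8.8.4.4
bypass_user_account_control
true
bypass_user_account_control_data
connection_port
14981
default_group
SEGUN
gc_threshold
1.048576e+07
mutex
f76e5199-b9b0-45ae-b449-2e38e6b112aa
primary_connection_host
hamzzagolozar.loseyourip.com
primary_dns_server
8.8.8.8
request_elevation
true
run_on_startup
true
set_critical_process
true
use_custom_dns_server
false
"""

# Attribute names are lowercase snake_case; "true"/"false" are values, never keys.
KEY_RE = re.compile(r"[a-z][a-z_]*")

def _is_key(line: str) -> bool:
    return bool(KEY_RE.fullmatch(line)) and line not in ("true", "false")

def _coerce(raw: str):
    """Map the report's string rendering back to a typed value."""
    if raw in ("true", "false"):
        return raw == "true"
    if raw.isdigit():
        return int(raw)
    try:
        f = float(raw)  # "1.048576e+07" is the sandbox's float rendering of 10485760
    except ValueError:
        return raw      # hostnames, IPs, UUIDs and version strings stay text
    return int(f) if f.is_integer() else f

def parse_config(text: str) -> dict:
    """Parse alternating key/value lines; a key followed by another key gets None."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    cfg, i = {}, 0
    while i < len(lines):
        if not _is_key(lines[i]):
            raise ValueError(f"expected an attribute name, got {lines[i]!r}")
        if i + 1 < len(lines) and not _is_key(lines[i + 1]):
            cfg[lines[i]] = _coerce(lines[i + 1])
            i += 2
        else:
            cfg[lines[i]] = None  # empty attribute (backup_connection_host here)
            i += 1
    return cfg

# Boolean attributes a responder should act on, and what each implies on the host.
FLAG_BEHAVIOUR = {
    "request_elevation": "requests elevation at start (UAC prompt)",
    "bypass_user_account_control": "attempts a UAC bypass",
    "run_on_startup": "installs a startup persistence entry",
    "set_critical_process": "marks its process critical; terminating it can bugcheck the host",
    "keyboard_logging": "keylogger module enabled",
    "clear_zone_identifier": "removes the Zone.Identifier (Mark-of-the-Web) stream",
}

def indicators_from_config(cfg: dict) -> dict:
    """Derive network IOCs, the mutex and expected behaviours from a parsed config."""
    port = int(cfg.get("connection_port") or 0)
    hosts = ("primary_connection_host", "backup_connection_host")
    c2 = [(str(cfg[k]), port) for k in hosts if cfg.get(k)]  # empty backup host is skipped
    # DNS servers only matter when the custom resolver is on; 8.8.8.8/8.8.4.4 alone are not IOCs.
    dns = []
    if cfg.get("use_custom_dns_server") is True:
        dns = [str(cfg[k]) for k in ("primary_dns_server", "backup_dns_server") if cfg.get(k)]
    behaviours = [desc for k, desc in FLAG_BEHAVIOUR.items() if cfg.get(k) is True]
    return {"c2": c2, "mutex": cfg.get("mutex"), "dns": dns, "behaviours": behaviours}

def c2_matches_report(cfg: dict, report_c2: str) -> bool:
    """Cross-check the report's own C2 line against host and port in the config."""
    host, _, port = report_c2.rpartition(":")
    return (host, int(port)) in indicators_from_config(cfg)["c2"]
```

Calling `indicators_from_config(parse_config(CONFIG_TEXT))` yields the single C2 endpoint `hamzzagolozar.loseyourip.com:14981`, the mutex, an empty DNS list (the custom resolver is off) and four behaviours: elevation request, UAC bypass, startup persistence and the critical-process flag. The last one is the caveat worth remembering during response: killing the process on a live host can bugcheck it, so isolate and image first. The key detection assumes attribute values are never bare lowercase words; a value such as a lowercase group name would need an explicit key list instead.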

Targets

MITRE ATT&CK Matrix

Tactic columns (no techniques are listed on this page): Collection, Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation