General

  • Target

    FPS BOOST V1.2.exe

  • Size

    5MB

  • Sample

    220924-ney14abbf2

  • MD5

    43b3f6b0372279b1979c5436cc95e81b

  • SHA1

    2e423915abb7f2d0218d9242efb80c316807cc2d

  • SHA256

    172b1b4196ed3fe45e2918e5203da55fe1442f84b233a4e73fdcb4ce5ae173d5

  • SHA512

    9a16837d76ce2d753bd56efadcb2a9de4cc444e7ceb0440f145fd2cefe2963ebaeb69bdb0105ad619c8d33c651f36cc1f436f211ee0d045eb96d129c1271b0d8

Malware Config

Extracted

Family: nanocore
Version: 1.2.2.0
C2: this-france.at.playit.gg:5433

Attributes

activate_away_mode: false
backup_connection_host: this-france.at.playit.gg
backup_dns_server: 8.8.4.4
buffer_size: 65535
build_time: 2022-07-06T10:40:06.892555136Z
bypass_user_account_control: true
bypass_user_account_control_data:
clear_access_control: false
clear_zone_identifier: false
connect_delay: 4000
connection_port: 5433
default_group: Default
enable_debug_mode: true
gc_threshold: 1.048576e+07
keep_alive_timeout: 30000
keyboard_logging: false
lan_timeout: 2500
max_packet_size: 1.048576e+07
mutex: 08391501-f9bf-4d33-aed0-472eea26a9d6
mutex_timeout: 5000
prevent_system_sleep: false
primary_connection_host: this-france.at.playit.gg
primary_dns_server: 8.8.8.8
request_elevation: true
restart_delay: 5000
run_delay: 0
run_on_startup: false
set_critical_process: true
timeout_interval: 5000
use_custom_dns_server: false
version: 1.2.2.0
wan_timeout: 8000

Targets

    • Target

      FPS BOOST V1.2.exe

    • Size

      5MB

    • MD5

      43b3f6b0372279b1979c5436cc95e81b

    • SHA1

      2e423915abb7f2d0218d9242efb80c316807cc2d

    • SHA256

      172b1b4196ed3fe45e2918e5203da55fe1442f84b233a4e73fdcb4ce5ae173d5

    • SHA512

      9a16837d76ce2d753bd56efadcb2a9de4cc444e7ceb0440f145fd2cefe2963ebaeb69bdb0105ad619c8d33c651f36cc1f436f211ee0d045eb96d129c1271b0d8

    • NanoCore

      NanoCore is a remote access tool (RAT) with a variety of capabilities.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Adds Run key to start application

    • Checks whether UAC is enabled

MITRE ATT&CK Matrix

Tactic columns (no technique entries are present in this report): Collection, Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Privilege Escalation