General
-
Target
17a2a95dfa55c776ca3851613c0e4cf34dccbc0a13f3f97c749d3d75e5845a48
-
Size
143KB
-
Sample
221021-yt1hksdda8
-
MD5
917ab8733f840d052d552bb3766fd926
-
SHA1
bf71e255ec62cc497796e4a030f221407efeece9
-
SHA256
17a2a95dfa55c776ca3851613c0e4cf34dccbc0a13f3f97c749d3d75e5845a48
-
SHA512
56f533cb1fafbb647510424d4affd6dbe6725d0350176086db41ab8b51998efeeda2a03b8458e35c7a8aef86177aff7138f732aa89e702ffd9cd1c61f366fcc3
-
SSDEEP
3072:runHgXqb+ixUyl/Gojn3TQNh71B3JkLrB:Y+Y7njn3Tst3CL
Malware Config
Extracted
nanocore
-
activate_away_mode
false
- backup_connection_host
- backup_dns_server
-
buffer_size
0
-
build_time
0001-01-01T00:00:00Z
-
bypass_user_account_control
false
- bypass_user_account_control_data
-
clear_access_control
false
-
clear_zone_identifier
false
-
connect_delay
0
-
connection_port
0
- default_group
-
enable_debug_mode
false
-
gc_threshold
0
-
keep_alive_timeout
0
-
keyboard_logging
false
-
lan_timeout
0
-
max_packet_size
0
- mutex
-
mutex_timeout
0
-
prevent_system_sleep
false
- primary_connection_host
- primary_dns_server
-
request_elevation
false
-
restart_delay
0
-
run_delay
0
-
run_on_startup
false
-
set_critical_process
false
-
timeout_interval
0
-
use_custom_dns_server
false
- version
-
wan_timeout
0
Targets
-
-
Target
17a2a95dfa55c776ca3851613c0e4cf34dccbc0a13f3f97c749d3d75e5845a48
-
Size
143KB
-
MD5
917ab8733f840d052d552bb3766fd926
-
SHA1
bf71e255ec62cc497796e4a030f221407efeece9
-
SHA256
17a2a95dfa55c776ca3851613c0e4cf34dccbc0a13f3f97c749d3d75e5845a48
-
SHA512
56f533cb1fafbb647510424d4affd6dbe6725d0350176086db41ab8b51998efeeda2a03b8458e35c7a8aef86177aff7138f732aa89e702ffd9cd1c61f366fcc3
-
SSDEEP
3072:runHgXqb+ixUyl/Gojn3TQNh71B3JkLrB:Y+Y7njn3Tst3CL
Score10/10-
NanoCore
NanoCore is a remote access tool (RAT) with a variety of capabilities.
-
Drops startup file
-
Loads dropped DLL
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Checks whether UAC is enabled
-
Suspicious use of SetThreadContext
-