General
-
Target
0e38c6043c5fb2119c5eab101797ffc0b40a1c5e76d660032995137cad03d253
-
Size
214KB
-
Sample
221029-sq3kwachfk
-
MD5
61bd3cc1929c411219b347362983480b
-
SHA1
585aead03bce722f9cfc4e1aa0fe08b93ef5a0ab
-
SHA256
0e38c6043c5fb2119c5eab101797ffc0b40a1c5e76d660032995137cad03d253
-
SHA512
c6ae1338120f978494dcb75200c429f6ceed4a354a263d41369381a4c6eb634e715b20fcc8b6046f3088d2162dd0481c4d069bbc8b6adf144e3bca264f513e38
-
SSDEEP
6144:fmNazKxbPPOFmIES8tGcZovoKPAlmmUbi752WT:fyjxbekvbovJAlmmUbO52
Static task
static1
Behavioral task
behavioral1
Sample
0e38c6043c5fb2119c5eab101797ffc0b40a1c5e76d660032995137cad03d253.exe
Resource
win7-20220812-en
Malware Config
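Extracted
nanocore
Note: every field in the extracted configuration below is zero, false or empty, and build_time is the zero-value timestamp 0001-01-01T00:00:00Z, so the extractor appears to have matched the NanoCore configuration structure without recovering populated settings. The empty host, port and mutex fields are therefore not evidence that the sample lacks C2 endpoints or persistence; the behavioral signature "Adds Run key to start application" reported further down is at odds with run_on_startup being false.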
- activate_away_mode: false
- backup_connection_host:
- backup_dns_server:
- buffer_size: 0
- build_time: 0001-01-01T00:00:00Z
- bypass_user_account_control: false
- bypass_user_account_control_data:
- clear_access_control: false
- clear_zone_identifier: false
- connect_delay: 0
- connection_port: 0
- default_group:
- enable_debug_mode: false
- gc_threshold: 0
- keep_alive_timeout: 0
- keyboard_logging: false
- lan_timeout: 0
- max_packet_size: 0
- mutex:
- mutex_timeout: 0
- prevent_system_sleep: false
- primary_connection_host:
- primary_dns_server:
- request_elevation: false
- restart_delay: 0
- run_delay: 0
- run_on_startup: false
- set_critical_process: false
- timeout_interval: 0
- use_custom_dns_server: false
- version:
- wan_timeout: 0
Targets
-
-
Target
0e38c6043c5fb2119c5eab101797ffc0b40a1c5e76d660032995137cad03d253
-
Size
214KB
-
MD5
61bd3cc1929c411219b347362983480b
-
SHA1
585aead03bce722f9cfc4e1aa0fe08b93ef5a0ab
-
SHA256
0e38c6043c5fb2119c5eab101797ffc0b40a1c5e76d660032995137cad03d253
-
SHA512
c6ae1338120f978494dcb75200c429f6ceed4a354a263d41369381a4c6eb634e715b20fcc8b6046f3088d2162dd0481c4d069bbc8b6adf144e3bca264f513e38
-
SSDEEP
6144:fmNazKxbPPOFmIES8tGcZovoKPAlmmUbi752WT:fyjxbekvbovJAlmmUbO52
- Adds Run key to start application
- Suspicious use of SetThreadContext
-