General
-
Target
65b33f10a62add7165e5ca763f9252bbbc027ab7019cdf0130dd4a17c469af66
-
Size
829KB
-
Sample
221128-sppbvsgh7x
-
MD5
0e07f73257d2aced1d14c8b442cb9350
-
SHA1
1261315b5246b9ef1caade1dd87dad2e936ee659
-
SHA256
65b33f10a62add7165e5ca763f9252bbbc027ab7019cdf0130dd4a17c469af66
-
SHA512
e533c1ab71fedf92efd7a2f75ba6fb08f6664395959fdd15f443b0f4e6a80f399d3f11ee6298e92efd00963c5d626bd1fc0b82199714b68a8bb715ceeb397780
-
SSDEEP
24576:o2O/GlP7WH1WXT28Me37g6zwm4m53Sb2D/Tk:T7WH0Xq835kFm53SyrY
Malware Config
Extracted
nanocore
-
activate_away_mode
false
- backup_connection_host
- backup_dns_server
-
buffer_size
0
-
build_time
0001-01-01T00:00:00Z
-
bypass_user_account_control
false
- bypass_user_account_control_data
-
clear_access_control
false
-
clear_zone_identifier
false
-
connect_delay
0
-
connection_port
0
- default_group
-
enable_debug_mode
false
-
gc_threshold
0
-
keep_alive_timeout
0
-
keyboard_logging
false
-
lan_timeout
0
-
max_packet_size
0
- mutex
-
mutex_timeout
0
-
prevent_system_sleep
false
- primary_connection_host
- primary_dns_server
-
request_elevation
false
-
restart_delay
0
-
run_delay
0
-
run_on_startup
false
-
set_critical_process
false
-
timeout_interval
0
-
use_custom_dns_server
false
- version
-
wan_timeout
0
Targets
-
-
Target
65b33f10a62add7165e5ca763f9252bbbc027ab7019cdf0130dd4a17c469af66
-
Size
829KB
-
MD5
0e07f73257d2aced1d14c8b442cb9350
-
SHA1
1261315b5246b9ef1caade1dd87dad2e936ee659
-
SHA256
65b33f10a62add7165e5ca763f9252bbbc027ab7019cdf0130dd4a17c469af66
-
SHA512
e533c1ab71fedf92efd7a2f75ba6fb08f6664395959fdd15f443b0f4e6a80f399d3f11ee6298e92efd00963c5d626bd1fc0b82199714b68a8bb715ceeb397780
-
SSDEEP
24576:o2O/GlP7WH1WXT28Me37g6zwm4m53Sb2D/Tk:T7WH0Xq835kFm53SyrY
Score10/10-
Modifies visiblity of hidden/system files in Explorer
-
NanoCore
NanoCore is a remote access tool (RAT) with a variety of capabilities.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
Suspicious use of SetThreadContext
-