General
-
Target
85ad7e2cf8d96c45f897b2fc8bf34ebe42b44063e8e66c3458fdea8779f1c21b
-
Size
202KB
-
Sample
221128-tq8ybsgb96
-
MD5
9e8c0b6c1977c9b570e4f7a20b2bac18
-
SHA1
2690d5e44089f01bb2c45a6d11e5dd223f118e54
-
SHA256
85ad7e2cf8d96c45f897b2fc8bf34ebe42b44063e8e66c3458fdea8779f1c21b
-
SHA512
7abb07e53c179bede33a9e4b1aa742574722816604e9ebcc6efdb149a57bcf1b2644de5bf4e8a313057797c6024e887a4f50d1454ae2ffb5f39c160130d12eda
-
SSDEEP
6144:wLV6Bta6dtJmakIM5u0u0e0JcIrdWC7NM:wLV6Btpmk9X0L0CpM
Malware Config
Extracted
nanocore
1.2.2.0
127.0.0.1:55669
665e06bc-3576-46cd-bebd-96d882b3b4f2
-
activate_away_mode
true
- backup_connection_host
-
backup_dns_server
8.8.4.4
-
buffer_size
65535
-
build_time
2014-12-09T14:29:25.417527836Z
-
bypass_user_account_control
true
- bypass_user_account_control_data
-
clear_access_control
true
-
clear_zone_identifier
false
-
connect_delay
4000
-
connection_port
55669
-
default_group
Default
-
enable_debug_mode
true
-
gc_threshold
1.048576e+07
-
keep_alive_timeout
30000
-
keyboard_logging
false
-
lan_timeout
2500
-
max_packet_size
1.048576e+07
-
mutex
665e06bc-3576-46cd-bebd-96d882b3b4f2
-
mutex_timeout
5000
-
prevent_system_sleep
false
-
primary_connection_host
127.0.0.1
-
primary_dns_server
8.8.8.8
-
request_elevation
true
-
restart_delay
5000
-
run_delay
0
-
run_on_startup
true
-
set_critical_process
true
-
timeout_interval
5000
-
use_custom_dns_server
false
-
version
1.2.2.0
-
wan_timeout
8000
Targets
-
-
Target
85ad7e2cf8d96c45f897b2fc8bf34ebe42b44063e8e66c3458fdea8779f1c21b
-
Size
202KB
-
MD5
9e8c0b6c1977c9b570e4f7a20b2bac18
-
SHA1
2690d5e44089f01bb2c45a6d11e5dd223f118e54
-
SHA256
85ad7e2cf8d96c45f897b2fc8bf34ebe42b44063e8e66c3458fdea8779f1c21b
-
SHA512
7abb07e53c179bede33a9e4b1aa742574722816604e9ebcc6efdb149a57bcf1b2644de5bf4e8a313057797c6024e887a4f50d1454ae2ffb5f39c160130d12eda
-
SSDEEP
6144:wLV6Bta6dtJmakIM5u0u0e0JcIrdWC7NM:wLV6Btpmk9X0L0CpM
Score10/10-
NanoCore
NanoCore is a remote access tool (RAT) with a variety of capabilities.
-
Checks whether UAC is enabled
-