General
-
Target
ca2f5dabfdb34ba963eb7178ad3c7632baf2c5611db83d048b02e3da1ba36013
-
Size
187KB
-
Sample
221128-xwylbsea2y
-
MD5
6d1e812808607b499de9107a074bbc09
-
SHA1
f54a5d00168697d88651f5d270f3df5cfec98b21
-
SHA256
ca2f5dabfdb34ba963eb7178ad3c7632baf2c5611db83d048b02e3da1ba36013
-
SHA512
9cf0f2558a5bb7aea56ba882afd4bdba2e135460889cbeadadf0920e2e076a9b4531548e0f99a88ff37a8660b6328dbdedcfd2d06993a138c7866b38b4663f0a
-
SSDEEP
3072:++S/gD3MwyeX4iVnD6R0cocLCiBo37M+b/siYxSINsOAn/5ajQa4+Cla4+F:i/q0ScocL/oo+nOKLH
Malware Config
Extracted
nanocore
-
activate_away_mode
false
- backup_connection_host
- backup_dns_server
-
buffer_size
0
-
build_time
0001-01-01T00:00:00Z
-
bypass_user_account_control
false
- bypass_user_account_control_data
-
clear_access_control
false
-
clear_zone_identifier
false
-
connect_delay
0
-
connection_port
0
- default_group
-
enable_debug_mode
false
-
gc_threshold
0
-
keep_alive_timeout
0
-
keyboard_logging
false
-
lan_timeout
0
-
max_packet_size
0
- mutex
-
mutex_timeout
0
-
prevent_system_sleep
false
- primary_connection_host
- primary_dns_server
-
request_elevation
false
-
restart_delay
0
-
run_delay
0
-
run_on_startup
false
-
set_critical_process
false
-
timeout_interval
0
-
use_custom_dns_server
false
- version
-
wan_timeout
0
Targets
-
-
Target
ca2f5dabfdb34ba963eb7178ad3c7632baf2c5611db83d048b02e3da1ba36013
-
Size
187KB
-
MD5
6d1e812808607b499de9107a074bbc09
-
SHA1
f54a5d00168697d88651f5d270f3df5cfec98b21
-
SHA256
ca2f5dabfdb34ba963eb7178ad3c7632baf2c5611db83d048b02e3da1ba36013
-
SHA512
9cf0f2558a5bb7aea56ba882afd4bdba2e135460889cbeadadf0920e2e076a9b4531548e0f99a88ff37a8660b6328dbdedcfd2d06993a138c7866b38b4663f0a
-
SSDEEP
3072:++S/gD3MwyeX4iVnD6R0cocLCiBo37M+b/siYxSINsOAn/5ajQa4+Cla4+F:i/q0ScocL/oo+nOKLH
Score10/10-
NanoCore
NanoCore is a remote access tool (RAT) with a variety of capabilities.
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
Suspicious use of SetThreadContext
-