General
-
Target
9cad416b95200ec0bc30ef95523f6e1b464886b6.exe
-
Size
2MB
-
Sample
221130-k97d6sga72
-
MD5
48327e539837574b0ea89654d1c23d68
-
SHA1
9cad416b95200ec0bc30ef95523f6e1b464886b6
-
SHA256
bd6c4de472e1f69bd693b26f45f9c81f21bdd7f33dcc68bc27519f9431c4b7b4
-
SHA512
1ab83c7077973867ea41132890f388d80673df637d7ead551ea5f05098852a84bc567bfa5bb599551144ba1da1b2caaf3e5ce2aea5b5716f35887b5e85f3e127
-
SSDEEP
24576:VBXu9HGaVH9vflFkp4VY99j5Y4PZDK3XJCzix:Vw9VHBfnkp4VY9zbBGXJCzE
Behavioral task
behavioral1
Sample
9cad416b95200ec0bc30ef95523f6e1b464886b6.exe
Resource
win7-20220812-en
Malware Config
Extracted
Family |
nanocore |
Version |
1.2.2.0 |
C2 |
kf123.ddns.net:1604
127.0.0.1:1604 |
Attributes |
activate_away_mode true
backup_connection_host 127.0.0.1
backup_dns_server 8.8.4.4
buffer_size 65535
build_time 2018-03-29T23:00:40.397394036Z
bypass_user_account_control true
bypass_user_account_control_data
clear_access_control true
clear_zone_identifier false
connect_delay 4000
connection_port 1604
default_group Default
enable_debug_mode true
gc_threshold 1.048576e+07
keep_alive_timeout 30000
keyboard_logging false
lan_timeout 2500
max_packet_size 1.048576e+07
mutex 9edcaf8d-019c-414d-bcec-d1174381feda
mutex_timeout 5000
prevent_system_sleep false
primary_connection_host kf123.ddns.net
primary_dns_server 8.8.8.8
request_elevation true
restart_delay 5000
run_delay 0
run_on_startup true
set_critical_process true
timeout_interval 5000
use_custom_dns_server false
version 1.2.2.0
wan_timeout 8000 |
Targets
-
-
Target
9cad416b95200ec0bc30ef95523f6e1b464886b6.exe
-
Size
2MB
-
MD5
48327e539837574b0ea89654d1c23d68
-
SHA1
9cad416b95200ec0bc30ef95523f6e1b464886b6
-
SHA256
bd6c4de472e1f69bd693b26f45f9c81f21bdd7f33dcc68bc27519f9431c4b7b4
-
SHA512
1ab83c7077973867ea41132890f388d80673df637d7ead551ea5f05098852a84bc567bfa5bb599551144ba1da1b2caaf3e5ce2aea5b5716f35887b5e85f3e127
-
SSDEEP
24576:VBXu9HGaVH9vflFkp4VY99j5Y4PZDK3XJCzix:Vw9VHBfnkp4VY9zbBGXJCzE
-
Drops startup file
-
AutoIT Executable
AutoIt scripts compiled into PE executables.
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Discovery
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation