General
-
Target
nanocore.payload-disk
-
Size
202KB
-
Sample
230206-rpvyzaec72
-
MD5
fd77fe6af66c627606ebde92325c4939
-
SHA1
6b5c3ad6b677a67cf151e7f7e95ece021fde56e0
-
SHA256
0dbe3c1b57287888e4eeea2a486e5adda95bb9fce97e2bdffad47802e4d9d92f
-
SHA512
303215f711e74395788ade64c831f2744a405cdae61fee9402d22b8ce204ce72318f8ff7a993a5c5ca432f515b789be6067f1d57d8279788cb3b2ea902f0a45f
-
SSDEEP
3072:gzEqV6B1jHa6dtJ10jgvzcgi+oG/j9iaMP2s/HItmfdBFvBeiDYI343auG3UBUsr:gLV6Bta6dtJmakIM5XdBFvgiDUEszp9r
Behavioral task
behavioral1
Sample
nanocore.exe
Resource
win7-20221111-en
Malware Config
Extracted
nanocore
1.2.2.0
alertt.duckdns.org:6445
d046c01c-51f5-4c8c-b5b9-b566d533dece
-
activate_away_mode
true
-
backup_connection_host
alertt.duckdns.org
-
backup_dns_server
8.8.4.4
-
buffer_size
65535
-
build_time
2022-11-18T08:12:48.987215636Z
-
bypass_user_account_control
true
-
bypass_user_account_control_data
-
clear_access_control
true
-
clear_zone_identifier
false
-
connect_delay
4000
-
connection_port
6445
-
default_group
RollingStone
-
enable_debug_mode
true
-
gc_threshold
1.048576e+07
-
keep_alive_timeout
30000
-
keyboard_logging
false
-
lan_timeout
2500
-
max_packet_size
1.048576e+07
-
mutex
d046c01c-51f5-4c8c-b5b9-b566d533dece
-
mutex_timeout
5000
-
prevent_system_sleep
false
-
primary_connection_host
alertt.duckdns.org
-
primary_dns_server
8.8.8.8
-
request_elevation
true
-
restart_delay
5000
-
run_delay
0
-
run_on_startup
true
-
set_critical_process
true
-
timeout_interval
5000
-
use_custom_dns_server
false
-
version
1.2.2.0
-
wan_timeout
8000
Targets
-
-
Target
nanocore.payload-disk
-
Size
202KB
-
MD5
fd77fe6af66c627606ebde92325c4939
-
SHA1
6b5c3ad6b677a67cf151e7f7e95ece021fde56e0
-
SHA256
0dbe3c1b57287888e4eeea2a486e5adda95bb9fce97e2bdffad47802e4d9d92f
-
SHA512
303215f711e74395788ade64c831f2744a405cdae61fee9402d22b8ce204ce72318f8ff7a993a5c5ca432f515b789be6067f1d57d8279788cb3b2ea902f0a45f
-
SSDEEP
3072:gzEqV6B1jHa6dtJ10jgvzcgi+oG/j9iaMP2s/HItmfdBFvBeiDYI343auG3UBUsr:gLV6Bta6dtJmakIM5XdBFvgiDUEszp9r
-