General

  • Target

    tmp

  • Size

    314KB

  • Sample

    231011-yzmhxaaf8w

  • MD5

    0f82973b8fb033ddf1737a08ee7af0ad

  • SHA1

    617aaac77fee3dcd155dae0207d45297563b9b91

  • SHA256

    61dd71f5c77595869823f58be7c12eb1d2729d718880d596bf5ac54a789854d3

  • SHA512

    1c66e5777cfb5b618fe24eaf4606f1ddf53448f3518ff235432b5a11ac01d471e62f2b8b34419584562cfd19d9fa9df52f89b6b1e91f828b944219789d35f001

  • SSDEEP

    6144:2TouKrWBEu3/Z2lpGDHU3ykJotX+t41/GA:2ToPWBv/cpGrU3yVtX+t4VGA

Malware Config

Extracted

Family

nanocore

Version

1.2.2.0

C2

mphlabs.ddns.net:8273

mphnewconn.ddns.net:8273

Mutex

d198e7e6-5881-4519-8bb5-76dd9a9eb1e1

Attributes
  • activate_away_mode

    true

  • backup_connection_host

    mphnewconn.ddns.net

  • backup_dns_server

    8.8.4.4

  • buffer_size

    65535

  • build_time

    2022-02-10T07:10:50.745546436Z

  • bypass_user_account_control

    true

  • bypass_user_account_control_data

  • clear_access_control

    true

  • clear_zone_identifier

    false

  • connect_delay

    4000

  • connection_port

    8273

  • default_group

    p-man

  • enable_debug_mode

    true

  • gc_threshold

    10485760 (10 MiB)

  • keep_alive_timeout

    30000

  • keyboard_logging

    false

  • lan_timeout

    2500

  • max_packet_size

    10485760 (10 MiB)

  • mutex

    d198e7e6-5881-4519-8bb5-76dd9a9eb1e1

  • mutex_timeout

    5000

  • prevent_system_sleep

    false

  • primary_connection_host

    mphlabs.ddns.net

  • primary_dns_server

    8.8.8.8

  • request_elevation

    true

  • restart_delay

    5000

  • run_delay

    0

  • run_on_startup

    true

  • set_critical_process

    true

  • timeout_interval

    5000

  • use_custom_dns_server

    false

  • version

    1.2.2.0

  • wan_timeout

    8000

Targets

    • Target

      tmp

    • Size

      314KB

    • MD5

      0f82973b8fb033ddf1737a08ee7af0ad

    • SHA1

      617aaac77fee3dcd155dae0207d45297563b9b91

    • SHA256

      61dd71f5c77595869823f58be7c12eb1d2729d718880d596bf5ac54a789854d3

    • SHA512

      1c66e5777cfb5b618fe24eaf4606f1ddf53448f3518ff235432b5a11ac01d471e62f2b8b34419584562cfd19d9fa9df52f89b6b1e91f828b944219789d35f001

    • SSDEEP

      6144:2TouKrWBEu3/Z2lpGDHU3ykJotX+t41/GA:2ToPWBv/cpGrU3yVtX+t4VGA

    • Modifies Windows Defender Real-time Protection settings

    • NanoCore

      NanoCore is a .NET remote access tool (RAT) with a plugin-based feature set; this build reports version 1.2.2.0.

    • Downloads MZ/PE file

    • Sets file to hidden

      Sets the hidden file attribute so the file does not appear in Explorer and similar directory listings.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks whether UAC is enabled
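The first behaviour in the list above, tampering with Windows Defender real-time protection, is the one most worth turning into a detection, because it fires before the implant does anything else noisy. The script below is an added example, not tria.ge code: it runs a simple rule over Sysmon Event ID 13 (registry value set) records and flags any process that writes a non-zero DWORD to one of the Defender Real-Time Protection "Disable..." values. The value names are real Defender policy values; the event records and the `tmp.exe` path are constructed for the example, and the exact value this sample writes is not stated on the page, so the rule covers the family of values rather than one.

```python
"""Flag Windows Defender real-time protection tampering in Sysmon registry events.

Added example (not tria.ge code). The value names are real Defender policy
values; SAMPLE_EVENTS and the image paths in it are constructed for the example.
"""
import re

# Real-Time Protection values whose DWORD=1 switches a protection component off.
# Compared case-insensitively because registry value names are case-insensitive.
RTP_DISABLE_VALUES = {
    "disablerealtimemonitoring",
    "disablebehaviormonitoring",
    "disableonaccessprotection",
    "disablescanonrealtimeenable",
    "disableioavprotection",
}

# Matches either the policy hive or the product hive; only the tail matters.
RTP_KEY_RE = re.compile(
    r"\\Windows Defender\\Real-Time Protection\\(?P<value>[^\\]+)$", re.IGNORECASE)

# Constructed Sysmon Event ID 13 / Event ID 1 records in the shape of their
# EventData fields (Image, TargetObject, Details / CommandLine).
SAMPLE_EVENTS = [
    {"EventID": 13, "Image": r"C:\Users\victim\AppData\Local\Temp\tmp.exe",
     "TargetObject": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender"
                     r"\Real-Time Protection\DisableRealtimeMonitoring",
     "Details": "DWORD (0x00000001)"},
    {"EventID": 13, "Image": r"C:\Program Files\Windows Defender\MsMpEng.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows Defender"
                     r"\Real-Time Protection\DisableRealtimeMonitoring",
     "Details": "DWORD (0x00000000)"},   # protection re-enabled: not tampering
    {"EventID": 13, "Image": r"C:\Windows\regedit.exe",
     "TargetObject": r"HKCU\Software\Example\Setting",
     "Details": "DWORD (0x00000001)"},   # unrelated key: ignored
    {"EventID": 1, "Image": r"C:\Users\victim\AppData\Local\Temp\tmp.exe",
     "CommandLine": "tmp.exe"},          # wrong event type: ignored
]


def dword_value(details):
    """Parse the 'DWORD (0x........)' rendering Sysmon uses for REG_DWORD."""
    m = re.match(r"DWORD \((0x[0-9a-fA-F]+)\)", details or "")
    return int(m.group(1), 16) if m else None


def defender_rtp_tamper(events):
    """Return one hit per event that disables a Defender RTP component."""
    hits = []
    for ev in events:
        if ev.get("EventID") != 13:
            continue
        m = RTP_KEY_RE.search(ev.get("TargetObject", ""))
        if not m or m.group("value").lower() not in RTP_DISABLE_VALUES:
            continue
        value = dword_value(ev.get("Details"))
        if value is not None and value != 0:
            hits.append({"image": ev.get("Image"),
                         "value_name": m.group("value"),
                         "key": ev["TargetObject"]})
    return hits


if __name__ == "__main__":
    for hit in defender_rtp_tamper(SAMPLE_EVENTS):
        print(f"{hit['image']} set {hit['value_name']} under {hit['key']}")
```

Writes of zero are deliberately excluded so that Defender re-enabling itself, or an administrator reverting the change, does not trigger; in production you would additionally exclude management tooling that legitimately pushes these policy values, keyed on the full image path rather than the file name.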

MITRE ATT&CK Enterprise v15
