General

  • Target

    2d995597daad654b206667cb2b2d85dd_JaffaCakes118

  • Size

    1.1MB

  • Sample

    240729-an98tsxeqf

  • MD5

    2d995597daad654b206667cb2b2d85dd

  • SHA1

    3b105f992ea1735d3e6de2013117268534b923d6

  • SHA256

    e941cef7bd04440ff5d03a03ebcb664c8cae0ac0f72fe4a22b7f3c33b5d91688

  • SHA512

    4d9f8840d53ee7ebf04095a043faf261f82e79e277d5cc3081e4dfa86f579d9e052d6049e4ccbe36803e19857f32ad36821170f88ef9ceec5c0d2a006d43df51

  • SSDEEP

    24576:JsSjioucQfck6RfrCsjzSPxfr9B9JYo7evQN7UOLqMY4AZn:JsA2UkQf65ZB9JY4e4NIOO4Ap

Malware Config

Extracted

  • Family

    nanocore

  • Version

    1.2.2.0

  • C2

    hanku.giize.com:6051
    harold.2waky.com:6051

  • Mutex

    daa352aa-fd0a-420c-aa95-b32075b10c0a

Attributes

  • activate_away_mode

    true

  • backup_connection_host

    harold.2waky.com

  • backup_dns_server

    8.8.4.4

  • buffer_size

    65535

  • build_time

    2019-08-13T08:35:33.514699636Z

  • bypass_user_account_control

    true

  • bypass_user_account_control_data

  • clear_access_control

    true

  • clear_zone_identifier

    false

  • connect_delay

    4000

  • connection_port

    6051

  • default_group

    FRESH

  • enable_debug_mode

    true

  • gc_threshold

    1.048576e+07

  • keep_alive_timeout

    30000

  • keyboard_logging

    false

  • lan_timeout

    2500

  • max_packet_size

    1.048576e+07

  • mutex

    daa352aa-fd0a-420c-aa95-b32075b10c0a

  • mutex_timeout

    5000

  • prevent_system_sleep

    false

  • primary_connection_host

    hanku.giize.com

  • primary_dns_server

    8.8.8.8

  • request_elevation

    true

  • restart_delay

    5000

  • run_delay

    0

  • run_on_startup

    true

  • set_critical_process

    true

  • timeout_interval

    5000

  • use_custom_dns_server

    false

  • version

    1.2.2.0

  • wan_timeout

    8000

Targets

    • Target

      Proof Of Payment Disbursement.pdf.scr

    • Size

      1.6MB

    • MD5

      d11c78c58c5d398b730cfc51463f6b58

    • SHA1

      fa867c711cbb6837edd43d0122bd6b9cb4623239

    • SHA256

      11b7337ff68b7b90ac1d92c7c35b09277506dad0a9f05d0dc82a4673628e24e4

    • SHA512

      65ecb06aaa39b3189bd5c7b45e80a065fba3aaed2a73a4e1fc78f198c209264edd96624b20ba978a10842a7c26d306a128368b8ec818738ce3a11ea1dae12793

    • SSDEEP

      24576:KCdxte/80jYLT3U1jfsWaaRlN+0GYVkY0ihKq5C4xPehI6Xm+yuKDssTTiHWaR4Q:Lw80cTsjkWaSf+yzgq5C4Beh19sRmLh

MITRE ATT&CK Enterprise v15

Tasks