General

  • Target

    e7d3a73cf52f639791add0434dfc82fcc059b530d132be8b04deb1c4efbcb34dN

  • Size

    1.1MB

  • Sample

    240923-jcl7aszbjk

  • MD5

    50c543873ffe8fe7c0ffe48af9068400

  • SHA1

    9018eb1c43e7c108b39ddb11c4f209b39e253c91

  • SHA256

    e7d3a73cf52f639791add0434dfc82fcc059b530d132be8b04deb1c4efbcb34d

  • SHA512

    42dcb8ceade38c7611b64a7634845bb169c298ba0b1a06f741b9d36953f55504d0a1b70edc89525f2fe1708ccfd3c493a4429bd4ca50e54171b4415fa97d5362

  • SSDEEP

    24576:1AHnh+eWsN3skA4RV1Hom2KXMmHahZB/Nep86f3YAm4W5o:kh+ZkldoPK8Yahb/NKKAm9o

Malware Config

Extracted

  • Family

    nanocore

  • Version

    1.2.2.0

  • C2

    160.202.163.242:6765

  • Mutex

    c0a66e70-712e-4e13-85d0-5362a812b1a5

Attributes
  • activate_away_mode

    true

  • backup_connection_host

    160.202.163.242

  • backup_dns_server

    8.8.4.4

  • buffer_size

    65535

  • build_time

    2019-02-24T16:03:16.653191036Z

  • bypass_user_account_control

    false

  • bypass_user_account_control_data

  • clear_access_control

    true

  • clear_zone_identifier

    false

  • connect_delay

    4000

  • connection_port

    6765

  • default_group

    Default

  • enable_debug_mode

    true

  • gc_threshold

    1.048576e+07

  • keep_alive_timeout

    30000

  • keyboard_logging

    false

  • lan_timeout

    2500

  • max_packet_size

    1.048576e+07

  • mutex

    c0a66e70-712e-4e13-85d0-5362a812b1a5

  • mutex_timeout

    5000

  • prevent_system_sleep

    false

  • primary_connection_host

    160.202.163.242

  • primary_dns_server

    8.8.8.8

  • request_elevation

    true

  • restart_delay

    5000

  • run_delay

    0

  • run_on_startup

    false

  • set_critical_process

    true

  • timeout_interval

    5000

  • use_custom_dns_server

    false

  • version

    1.2.2.0

  • wan_timeout

    8000
