General

  • Target

    f7ac2169bab58efd4d196b4418f95e03_JaffaCakes118

  • Size

    203KB

  • Sample

    240926-f776gatajh

  • MD5

    f7ac2169bab58efd4d196b4418f95e03

  • SHA1

    709b25a30a6504d589b8f6ff2d3dba0c32680f38

  • SHA256

    bd485ac49721c06bddea47b14aaaaf55c7d350ecf6d1401b5ff199844f878ee3

  • SHA512

    6a35354efd59b65097551a443d4d313682190aef63a60449c535c49ab72cba12c7d081bbc23d5ef63899ee394880c481cc6786563fa2c7ed23c23c98ed57fccf

  • SSDEEP

    3072:MzEqV6B1jHa6dtJ10jgvzcgi+oG/j9iaMP2s/HI+hwKNdlIhtRSE8KaDtyvLGVQZ:MLV6Bta6dtJmakIM53Tw37ax4L20

Malware Config

Extracted

Family

nanocore

Version

1.2.2.0

C2

24.14.60.181:5552

127.0.0.1:5552

Mutex

32648801-3158-421b-bf21-da83280eddc7

Attributes
  • activate_away_mode

    true

  • backup_connection_host

    127.0.0.1

  • backup_dns_server

    8.8.4.4

  • buffer_size

    65535

  • build_time

    2019-02-11T05:39:46.937772436Z

  • bypass_user_account_control

    false

  • bypass_user_account_control_data

    PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTE2Ij8+DQo8VGFzayB2ZXJzaW9uPSIxLjIiIHhtbG5zPSJodHRwOi8vc2NoZW1hcy5taWNyb3NvZnQuY29tL3dpbmRvd3MvMjAwNC8wMi9taXQvdGFzayI+DQogIDxSZWdpc3RyYXRpb25JbmZvIC8+DQogIDxUcmlnZ2VycyAvPg0KICA8UHJpbmNpcGFscz4NCiAgICA8UHJpbmNpcGFsIGlkPSJBdXRob3IiPg0KICAgICAgPExvZ29uVHlwZT5JbnRlcmFjdGl2ZVRva2VuPC9Mb2dvblR5cGU+DQogICAgICA8UnVuTGV2ZWw+SGlnaGVzdEF2YWlsYWJsZTwvUnVuTGV2ZWw+DQogICAgPC9QcmluY2lwYWw+DQogIDwvUHJpbmNpcGFscz4NCiAgPFNldHRpbmdzPg0KICAgIDxNdWx0aXBsZUluc3RhbmNlc1BvbGljeT5QYXJhbGxlbDwvTXVsdGlwbGVJbnN0YW5jZXNQb2xpY3k+DQogICAgPERpc2FsbG93U3RhcnRJZk9uQmF0dGVyaWVzPmZhbHNlPC9EaXNhbGxvd1N0YXJ0SWZPbkJhdHRlcmllcz4NCiAgICA8U3RvcElmR29pbmdPbkJhdHRlcmllcz5mYWxzZTwvU3RvcElmR29pbmdPbkJhdHRlcmllcz4NCiAgICA8QWxsb3dIYXJkVGVybWluYXRlPnRydWU8L0FsbG93SGFyZFRlcm1pbmF0ZT4NCiAgICA8U3RhcnRXaGVuQXZhaWxhYmxlPmZhbHNlPC9TdGFydFdoZW5BdmFpbGFibGU+DQogICAgPFJ1bk9ubHlJZk5ldHdvcmtBdmFpbGFibGU+ZmFsc2U8L1J1bk9ubHlJZk5ldHdvcmtBdmFpbGFibGU+DQogICAgPElkbGVTZXR0aW5ncz4NCiAgICAgIDxTdG9wT25JZGxlRW5kPmZhbHNlPC9TdG9wT25JZGxlRW5kPg0KICAgICAgPFJlc3RhcnRPbklkbGU+ZmFsc2U8L1Jlc3RhcnRPbklkbGU+DQogICAgPC9JZGxlU2V0dGluZ3M+DQogICAgPEFsbG93U3RhcnRPbkRlbWFuZD50cnVlPC9BbGxvd1N0YXJ0T25EZW1hbmQ+DQogICAgPEVuYWJsZWQ+dHJ1ZTwvRW5hYmxlZD4NCiAgICA8SGlkZGVuPmZhbHNlPC9IaWRkZW4+DQogICAgPFJ1bk9ubHlJZklkbGU+ZmFsc2U8L1J1bk9ubHlJZklkbGU+DQogICAgPFdha2VUb1J1bj5mYWxzZTwvV2FrZVRvUnVuPg0KICAgIDxFeGVjdXRpb25UaW1lTGltaXQ+UFQwUzwvRXhlY3V0aW9uVGltZUxpbWl0Pg0KICAgIDxQcmlvcml0eT40PC9Qcmlvcml0eT4NCiAgPC9TZXR0aW5ncz4NCiAgPEFjdGlvbnMgQ29udGV4dD0iQXV0aG9yIj4NCiAgICA8RXhlYz4NCiAgICAgIDxDb21tYW5kPiIjRVhFQ1VUQUJMRVBBVEgiPC9Db21tYW5kPg0KICAgICAgPEFyZ3VtZW50cz4kKEFyZzApPC9Bcmd1bWVudHM+DQogICAgPC9FeGVjPg0KICA8L0FjdGlvbnM+DQo8L1Rhc2s+

  • clear_access_control

    true

  • clear_zone_identifier

    false

  • connect_delay

    4000

  • connection_port

    5552

  • default_group

    vince

  • enable_debug_mode

    true

  • gc_threshold

    1.048576e+07

  • keep_alive_timeout

    30000

  • keyboard_logging

    false

  • lan_timeout

    2476

  • max_packet_size

    1.048576e+07

  • mutex

    32648801-3158-421b-bf21-da83280eddc7

  • mutex_timeout

    5000

  • prevent_system_sleep

    false

  • primary_connection_host

    24.14.60.181

  • primary_dns_server

    8.8.8.8

  • request_elevation

    true

  • restart_delay

    5000

  • run_delay

    50

  • run_on_startup

    false

  • set_critical_process

    true

  • timeout_interval

    5000

  • use_custom_dns_server

    false

  • version

    1.2.2.0

  • wan_timeout

    8000

Targets

    • Target

      f7ac2169bab58efd4d196b4418f95e03_JaffaCakes118

    • Size

      203KB

    • MD5

      f7ac2169bab58efd4d196b4418f95e03

    • SHA1

      709b25a30a6504d589b8f6ff2d3dba0c32680f38

    • SHA256

      bd485ac49721c06bddea47b14aaaaf55c7d350ecf6d1401b5ff199844f878ee3

    • SHA512

      6a35354efd59b65097551a443d4d313682190aef63a60449c535c49ab72cba12c7d081bbc23d5ef63899ee394880c481cc6786563fa2c7ed23c23c98ed57fccf

    • SSDEEP

      3072:MzEqV6B1jHa6dtJ10jgvzcgi+oG/j9iaMP2s/HI+hwKNdlIhtRSE8KaDtyvLGVQZ:MLV6Bta6dtJmakIM53Tw37ax4L20

MITRE ATT&CK Enterprise v15

Tasks

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.