General

  • Target

    f8a4f08a5f799b7772d99ff45fbf8d66_JaffaCakes118

  • Size

    1.4MB

  • Sample

    240926-snfckaxbje

  • MD5

    f8a4f08a5f799b7772d99ff45fbf8d66

  • SHA1

    ba0ded8918f696efb2238488f8554d2dbe838a6a

  • SHA256

    f680f907beade018b497ee2ce4faaf1a1b04ebb7103d5154f39d7e06253cbe79

  • SHA512

    8fcfc17ce2c8197d4c8636ce57a880ffcbfcc39fa85353e9d32c4e48d51dd8b2769502c44ae42706093ace4aaea711f7b6ab83b0ddd3fcb3c090ace50ea2b1da

  • SSDEEP

    24576:DAHnh+eWsN3skA4RV1Hom2KXMmHaP1HeUo3H50KSoFmyqmcm/aOpkU5:Oh+ZkldoPK8YaPpzoJ0K1FmThFwT

Malware Config

Extracted

Family

nanocore

Version

1.2.2.0

C2

smartcoonect.duckdns.org:5654

Mutex

8ffc834d-3ffb-4c79-b1e6-b8accad70950

Attributes
  • activate_away_mode

    true

  • backup_connection_host

    smartcoonect.duckdns.org

  • backup_dns_server

    smartcoonect.duckdns.org

  • buffer_size

    65535

  • build_time

    2019-05-13T22:39:35.388593136Z

  • bypass_user_account_control

    false

  • bypass_user_account_control_data


  • clear_access_control

    true

  • clear_zone_identifier

    false

  • connect_delay

    2000

  • connection_port

    5654

  • default_group

    Favour

  • enable_debug_mode

    true

  • gc_threshold

    1.048576e+07

  • keep_alive_timeout

    30000

  • keyboard_logging

    false

  • lan_timeout

    2500

  • max_packet_size

    1.048576e+07

  • mutex

    8ffc834d-3ffb-4c79-b1e6-b8accad70950

  • mutex_timeout

    5000

  • prevent_system_sleep

    false

  • primary_connection_host

    smartcoonect.duckdns.org

  • primary_dns_server

    smartcoonect.duckdns.org

  • request_elevation

    true

  • restart_delay

    2000

  • run_delay

    0

  • run_on_startup

    false

  • set_critical_process

    true

  • timeout_interval

    2997

  • use_custom_dns_server

    false

  • version

    1.2.2.0

  • wan_timeout

    8000

Targets

    • Target

      f8a4f08a5f799b7772d99ff45fbf8d66_JaffaCakes118

    • Size

      1.4MB

    • MD5

      f8a4f08a5f799b7772d99ff45fbf8d66

    • SHA1

      ba0ded8918f696efb2238488f8554d2dbe838a6a

    • SHA256

      f680f907beade018b497ee2ce4faaf1a1b04ebb7103d5154f39d7e06253cbe79

    • SHA512

      8fcfc17ce2c8197d4c8636ce57a880ffcbfcc39fa85353e9d32c4e48d51dd8b2769502c44ae42706093ace4aaea711f7b6ab83b0ddd3fcb3c090ace50ea2b1da

    • SSDEEP

      24576:DAHnh+eWsN3skA4RV1Hom2KXMmHaP1HeUo3H50KSoFmyqmcm/aOpkU5:Oh+ZkldoPK8YaPpzoJ0K1FmThFwT

MITRE ATT&CK Enterprise v15

Tasks
