nanocore | 17308803662d38b000c13cd25d7473157aec84710b584372e93184399fbd86926ab676f142868[.]dat-decoded[.]exe | Triage

Sharing

General

Target

17308803662d38b000c13cd25d7473157aec84710b584372e93184399fbd86926ab676f142868.dat-decoded.exe
Size

202KB
MD5

fc6b48e4a26a58d4ac831717ba66c7cc
SHA1

d85d002146457a6c2d5c4d574c6f85c7783995b1
SHA256

0f1d6aab547ceca6e71ac2e5a54afdaea597318fe7b6ca337f5b92fdff596168
SHA512

3aafc7a2d1258a3ba5738fdf97732158f104c9a3eba81fb1715d0033bfda0465e274088d775374ec7e8131c5dc7ceaf4fd03e9d55c2b2fe794420e79a42bb203
SSDEEP

3072:QzEqV6B1jHa6dtJ10jgvzcgi+oG/j9iaMP2s/HIIqIE8nA2VErmL4llWrg1933sc:QLV6Bta6dtJmakIM5DEYA2VcmL4lQ0sc

Score

10^/10

nanocore

Malware Config

Extracted

Family

nanocore

Version

1.2.2.0

C2

justkowir.duckdns.org:8550

Mutex

513a9907-f4ca-4a36-8f25-fcb7088c00a5

Attributes

activate_away_mode
true
backup_connection_host
justkowir.duckdns.org
backup_dns_server
8.8.4.4
buffer_size
65535
build_time
2022-01-03T15:53:14.690945336Z
bypass_user_account_control
true
bypass_user_account_control_data
clear_access_control
true
clear_zone_identifier
false
connect_delay
4000
connection_port
8550
default_group
Default
enable_debug_mode
true
gc_threshold
1.048576e+07
keep_alive_timeout
30000
keyboard_logging
false
lan_timeout
2500
max_packet_size
1.048576e+07
mutex
513a9907-f4ca-4a36-8f25-fcb7088c00a5
mutex_timeout
5000
prevent_system_sleep
false
primary_connection_host
justkowir.duckdns.org
primary_dns_server
8.8.8.8
request_elevation
true
restart_delay
5000
run_delay
0
run_on_startup
true
set_critical_process
true
timeout_interval
5000
use_custom_dns_server
false
version
1.2.2.0
wan_timeout
8000

Signatures

Nanocore family
nanocore

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
17308803662d38b000c13cd25d7473157aec84710b584372e93184399fbd86926ab676f142868.dat-decoded.exe

Files

17308803662d38b000c13cd25d7473157aec84710b584372e93184399fbd86926ab676f142868.dat-decoded.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 114KB - Virtual size: 113KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 87KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ