General
-
Target
NanoCore.zip
-
Size
18.1MB
-
Sample
250213-d5cknssmcr
-
MD5
91f4a9ef46bd12a099c59ed2b5a587f7
-
SHA1
6764d1e0b5e97279f94d558705089d29048a26ff
-
SHA256
fef7c5f3c06740cd4c3613a77acb03c0bfd60aaa4c27995f0ae9862c45ada8ba
-
SHA512
dca240c0aa7cb760cf3341cb46f3a5346934e96031fff724e1a95d4aeae6fc4f609dffb517dc9073549cf9d807867dbc94624c833126efe47e07a2490427391c
-
SSDEEP
393216:vfVFdRQrMvORPWz7z18JXUfXZRzX6Xwat7ojUhCRh4w2j0z7:XVF/dgPqzaJqN6XwuoIhwsG
Behavioral task
behavioral1
Sample
NanoCore 1.2.2.0 Cracked By Alcatraz3222_Final/ClientPlugin.dll
Resource
win7-20240729-en
Behavioral task
behavioral2
Sample
NanoCore 1.2.2.0 Cracked By Alcatraz3222_Final/ClientPlugin.dll
Resource
win10v2004-20250207-en
Behavioral task
behavioral3
Sample
NanoCore 1.2.2.0 Cracked By Alcatraz3222_Final/NanoCore.exe
Resource
win7-20241010-en
Behavioral task
behavioral4
Sample
NanoCore 1.2.2.0 Cracked By Alcatraz3222_Final/NanoCore.exe
Resource
win10v2004-20250211-en
Behavioral task
behavioral5
Sample
NanoCore 1.2.2.0 Cracked By Alcatraz3222_Final/PluginCompiler.exe
Resource
win7-20241023-en
Behavioral task
behavioral6
Sample
NanoCore 1.2.2.0 Cracked By Alcatraz3222_Final/PluginCompiler.exe
Resource
win10v2004-20250211-en
Behavioral task
behavioral7
Sample
NanoCore 1.2.2.0 Cracked By Alcatraz3222_Final/ServerPlugin.dll
Resource
win7-20240903-en
Behavioral task
behavioral8
Sample
NanoCore 1.2.2.0 Cracked By Alcatraz3222_Final/ServerPlugin.dll
Resource
win10v2004-20250207-en
Behavioral task
behavioral9
Sample
NanoCore 1.2.2.0 Cracked By Alcatraz3222_Final/System.Data.SQLite.dll
Resource
win7-20250207-en
Behavioral task
behavioral10
Sample
NanoCore 1.2.2.0 Cracked By Alcatraz3222_Final/System.Data.SQLite.dll
Resource
win10v2004-20250211-en
Behavioral task
behavioral11
Sample
NanoCore 1.2.2.0 Cracked By Alcatraz3222_Final/client.exe
Resource
win7-20240903-en
Behavioral task
behavioral12
Sample
NanoCore 1.2.2.0 Cracked By Alcatraz3222_Final/client.exe
Resource
win10v2004-20250211-en
Behavioral task
behavioral13
Sample
NanoCore 1.2.2.0 Cracked By Alcatraz3222_Final/x64/SQLite.Interop.dll
Resource
win7-20240729-en
Behavioral task
behavioral14
Sample
NanoCore 1.2.2.0 Cracked By Alcatraz3222_Final/x64/SQLite.Interop.dll
Resource
win10v2004-20250211-en
Behavioral task
behavioral15
Sample
NanoCore 1.2.2.0 Cracked By Alcatraz3222_Final/x86/SQLite.Interop.dll
Resource
win7-20241010-en
Behavioral task
behavioral16
Sample
NanoCore 1.2.2.0 Cracked By Alcatraz3222_Final/x86/SQLite.Interop.dll
Resource
win10v2004-20250211-en
Behavioral task
behavioral17
Sample
NanoCore 1.2.2.0/ClientPlugin.dll
Resource
win7-20240903-en
Behavioral task
behavioral18
Sample
NanoCore 1.2.2.0/ClientPlugin.dll
Resource
win10v2004-20250211-en
Behavioral task
behavioral19
Sample
NanoCore 1.2.2.0/NanoCore.exe
Resource
win7-20240903-en
Behavioral task
behavioral20
Sample
NanoCore 1.2.2.0/NanoCore.exe
Resource
win10v2004-20250207-en
Behavioral task
behavioral21
Sample
NanoCore 1.2.2.0/PluginCompiler.exe
Resource
win7-20241023-en
Behavioral task
behavioral22
Sample
NanoCore 1.2.2.0/PluginCompiler.exe
Resource
win10v2004-20250207-en
Behavioral task
behavioral23
Sample
NanoCore 1.2.2.0/ServerPlugin.dll
Resource
win7-20240729-en
Behavioral task
behavioral24
Sample
NanoCore 1.2.2.0/ServerPlugin.dll
Resource
win10v2004-20250211-en
Behavioral task
behavioral25
Sample
NanoCore 1.2.2.0/System.Data.SQLite.dll
Resource
win7-20250207-en
Behavioral task
behavioral26
Sample
NanoCore 1.2.2.0/System.Data.SQLite.dll
Resource
win10v2004-20250211-en
Behavioral task
behavioral27
Sample
NanoCore 1.2.2.0/client.exe
Resource
win7-20241010-en
Behavioral task
behavioral28
Sample
NanoCore 1.2.2.0/client.exe
Resource
win10v2004-20250207-en
Behavioral task
behavioral29
Sample
NanoCore 1.2.2.0/client.exe
Resource
win7-20240903-en
Behavioral task
behavioral30
Sample
NanoCore 1.2.2.0/client.exe
Resource
win10v2004-20250211-en
Behavioral task
behavioral31
Sample
NanoCore 1.2.2.0/server.exe
Resource
win7-20240903-en
Malware Config
Extracted
nanocore
1.2.2.0
127.0.0.1:54984
0a58aef9-430a-40b3-bc54-321556a3f865
-
activate_away_mode
true
-
backup_connection_host
127.0.0.1
-
backup_dns_server
8.8.4.4
-
buffer_size
65535
-
build_time
2018-02-15T14:37:43.789028636Z
-
bypass_user_account_control
true
-
bypass_user_account_control_data
-
clear_access_control
true
-
clear_zone_identifier
false
-
connect_delay
4000
-
connection_port
54984
-
default_group
Default
-
enable_debug_mode
true
-
gc_threshold
1.048576e+07
-
keep_alive_timeout
30000
-
keyboard_logging
false
-
lan_timeout
2500
-
max_packet_size
1.048576e+07
-
mutex
0a58aef9-430a-40b3-bc54-321556a3f865
-
mutex_timeout
5000
-
prevent_system_sleep
false
-
primary_connection_host
-
primary_dns_server
8.8.8.8
-
request_elevation
true
-
restart_delay
5000
-
run_delay
0
-
run_on_startup
true
-
set_critical_process
true
-
timeout_interval
5000
-
use_custom_dns_server
false
-
version
1.2.2.0
-
wan_timeout
8000
Targets
-
-
Target
NanoCore 1.2.2.0 Cracked By Alcatraz3222_Final/ClientPlugin.dll
-
Size
19KB
-
MD5
bdc8945f1d799c845408522e372d1dbd
-
SHA1
874b7c3c97cc5b13b9dd172fec5a54bc1f258005
-
SHA256
61e9d5c0727665e9ef3f328141397be47c65ed11ab621c644b5bbf1d67138403
-
SHA512
4fa0ed4ef66e4c442f5fc628e8bfc8a4f84cb213210643996d9387027edb619c054f6104ac889ae77cece09f0304f95d5f20e14d66847e2d382ef51eecec0962
-
SSDEEP
192:VYLQui6h6p5WW3tZVTnlYJL/eLYLTr2/C8:VYLQu/6/fKqLYLTR
Score
8/10
-
Downloads MZ/PE file
-
-
-
Target
NanoCore 1.2.2.0 Cracked By Alcatraz3222_Final/NanoCore.exe
-
Size
2.2MB
-
MD5
33fcc2383c9b90eab547d6c43fa2e475
-
SHA1
bc86b20a3ce153698961b318399943f795a2a1b3
-
SHA256
e7fb74eb2170e30bf6650f9e5fc2c60f68f3532cee3e0309de503a19cd7647c6
-
SHA512
a996cbb0e0ca381b587aace8bd9e5e5d2d8c934e0ca955089abe935afa2acbb450f9d3f4d8a4cb1925b957b7a8e2b7c656f70b3e7eb829cd508036f95dea19da
-
SSDEEP
49152:LkYFTqThfHJd5FZadavFQiQb9gdlWxxeC29JbP7yyhisa2oC61G0+:ouG6kNQrvxaDrnkS66
Score
8/10
-
Downloads MZ/PE file
-
Drops desktop.ini file(s)
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
-
-
Target
NanoCore 1.2.2.0 Cracked By Alcatraz3222_Final/PluginCompiler.exe
-
Size
75KB
-
MD5
e2d1c5df11f9573f6c5d0a7ad1a79fbf
-
SHA1
b32bf571aca1b51af48f7f2f955aaf1bbdc5aa2f
-
SHA256
0b41b2fcd0f1a4e913d3efe293f713849d59efebb27bac060ab31bed51ac2f6b
-
SHA512
9c9ae7baa504dd34311f5730280f6a49e10eefdb145d2d29849e385a7da47c8f2c182cd6f39949f5904ef8462fc5c3dfaf1bc4cc8bff50c6750c9edc886192e0
-
SSDEEP
1536:iyVzgm8NqToL6n975lw8FDx39EhPKu4iV1Y:iyVMLUTos5SAx3ChPKpiVe
Score
8/10
-
Downloads MZ/PE file
-
-
-
Target
NanoCore 1.2.2.0 Cracked By Alcatraz3222_Final/ServerPlugin.dll
-
Size
28KB
-
MD5
952c62ec830c63380beb72ad923d35dc
-
SHA1
6700baa1fb1877129e79402dfe237f0b84221b69
-
SHA256
2e5fbfb7932b117a2f6093dc346cdee4a5702e39739d9c40d27bfd1580f6f0d7
-
SHA512
5dc19d7d6ab7670ded766f357e481328c8df4a96ac3c2a00194a5ccea8c34bca0e34cfea3d9d17934db384d302446be2fec9853438371561d70580665bffe121
-
SSDEEP
384:7LmAEURVWGSCyo6/NLoqwXEsZmLTdFuoKy:vm1izOlg0ZKy
Score
8/10
-
Downloads MZ/PE file
-
-
-
Target
NanoCore 1.2.2.0 Cracked By Alcatraz3222_Final/System.Data.SQLite.dll
-
Size
256KB
-
MD5
dd3d6f00b1aba3f1d9338d9727ab5f17
-
SHA1
faf9364a7ab15f27c93a6e6f97fa025030c9dad7
-
SHA256
f0d4beab24e94e61f219df451d90dbba3d0f48539f9b6a448f91e0c94b4e80c4
-
SHA512
0794d850a133a98affe627e3023114b229b982e507d366895ece6a1ef99b42d708554c64b52f0f2ed63673e1c5aeea7e794085d45f0797159e21ba4efdf23cd7
-
SSDEEP
6144:icvnEsATddHqgM69uZ5iFNFGFOFwcGF6cmFWc0FWc8cIcKcUFJFpcNcHc7cbchF1:icvnEygM69uZ8FNFGFOFwcGF6cmFWc0z
Score
8/10
-
Downloads MZ/PE file
-
-
-
Target
NanoCore 1.2.2.0 Cracked By Alcatraz3222_Final/client.bin
-
Size
130KB
-
MD5
906a949e34472f99ba683eff21907231
-
SHA1
7c5a57af209597fa6c6bce7d1a8016b936d3b0b6
-
SHA256
9d3ea5af7dc261bf93c76f55d702a315aa22fb241e4207dc86cd834c262245c8
-
SHA512
29fd20ae7f1b8bac831c0bb85da4325a62e10961989e14299f5f50776c8f7e669cc1527bf2c3868bd7230e73ac110ba8b1f0491ac0f2923d79d7a2871c7c961d
-
SSDEEP
3072:pzEqV6B1jHa6dtJ10jgvzcgi+oG/j9iaMP2s/HI0AkU:pLV6Bta6dtJmakIM5VU
-
Nanocore family
-
Downloads MZ/PE file
-
Checks whether UAC is enabled
-
-
-
Target
NanoCore 1.2.2.0 Cracked By Alcatraz3222_Final/x64/SQLite.Interop.dll
-
Size
1.3MB
-
MD5
382398711315e2fa8e93d305b4873908
-
SHA1
51482242e6d9170963aa27192c8279d20fce19ce
-
SHA256
270d61d183cff3dafad0db3dbe7942374552044baea1e28411c3a143cb620c02
-
SHA512
084217e67c125cb9952b91bc9783faf5c1e8fb01750cc1e6b4c3736c47b74dcf3207979c1c497e630e161aff529f71c403af6ca0232a7c3e9e587b58e4495589
-
SSDEEP
24576:fG4Gnwh2IK88uyMGI1YSbmdtDxnrW1oC0AZDvDetNQT7f+5eKMUxThC35:ewh2IKAYjtNme5eeG
Score
8/10
-
Downloads MZ/PE file
-
-
-
Target
NanoCore 1.2.2.0 Cracked By Alcatraz3222_Final/x86/SQLite.Interop.dll
-
Size
792KB
-
MD5
9b19dcee960dc215e64b1d82348707a9
-
SHA1
9c1e0f76673eb385787120e17404df179316ca2b
-
SHA256
3515f704b0012c01fc8be5b717905c0587b29255fc9eb7ad3f2b66a130691d38
-
SHA512
cc1304ab171feb2ac6df941f4b35aab8ce7b503f96b5539b366b39268cce8b21ea2fdbce16eff809a9a121a60a65ebbd0f59f75360800f541b9e5f93e729a55d
-
SSDEEP
12288:iIF0SBEkDG7/jznRefvOIVcn4PW5d6PrVJNcdwLzs9w:iIYkDG7rznRenOIVc4PW76TbK
Score
8/10
-
Downloads MZ/PE file
-
-
-
Target
NanoCore 1.2.2.0/ClientPlugin.dll
-
Size
19KB
-
MD5
bdc8945f1d799c845408522e372d1dbd
-
SHA1
874b7c3c97cc5b13b9dd172fec5a54bc1f258005
-
SHA256
61e9d5c0727665e9ef3f328141397be47c65ed11ab621c644b5bbf1d67138403
-
SHA512
4fa0ed4ef66e4c442f5fc628e8bfc8a4f84cb213210643996d9387027edb619c054f6104ac889ae77cece09f0304f95d5f20e14d66847e2d382ef51eecec0962
-
SSDEEP
192:VYLQui6h6p5WW3tZVTnlYJL/eLYLTr2/C8:VYLQu/6/fKqLYLTR
Score
8/10
-
Downloads MZ/PE file
-
-
-
Target
NanoCore 1.2.2.0/NanoCore.exe
-
Size
1.4MB
-
MD5
1728acc244115cbafd3b810277d2e321
-
SHA1
be64732f46c8a26a5bbf9d7f69c7f031b2c5180b
-
SHA256
ec359f50ca15395f273899c0ff7c0cd87ab5c2e23fdcfc6c72fedc0097161d4b
-
SHA512
8c59fdd29181f28e5698de78adf63934632e644a87088400f1b7ab1653622e4bc3a4145094601211a2db4bcbd04ea5f1ac44129907fbb727fe24a1f3652c7034
-
SSDEEP
24576:d7dOT1b7eAJzjSTUd+21nm3kEvpqZ0vSxmfexX6shz07DTl/uz:d7dqVw2+2KkS4PmGX6og7
Score
8/10
-
Downloads MZ/PE file
-
-
-
Target
NanoCore 1.2.2.0/PluginCompiler.exe
-
Size
75KB
-
MD5
e2d1c5df11f9573f6c5d0a7ad1a79fbf
-
SHA1
b32bf571aca1b51af48f7f2f955aaf1bbdc5aa2f
-
SHA256
0b41b2fcd0f1a4e913d3efe293f713849d59efebb27bac060ab31bed51ac2f6b
-
SHA512
9c9ae7baa504dd34311f5730280f6a49e10eefdb145d2d29849e385a7da47c8f2c182cd6f39949f5904ef8462fc5c3dfaf1bc4cc8bff50c6750c9edc886192e0
-
SSDEEP
1536:iyVzgm8NqToL6n975lw8FDx39EhPKu4iV1Y:iyVMLUTos5SAx3ChPKpiVe
Score
8/10
-
Downloads MZ/PE file
-
-
-
Target
NanoCore 1.2.2.0/ServerPlugin.dll
-
Size
28KB
-
MD5
952c62ec830c63380beb72ad923d35dc
-
SHA1
6700baa1fb1877129e79402dfe237f0b84221b69
-
SHA256
2e5fbfb7932b117a2f6093dc346cdee4a5702e39739d9c40d27bfd1580f6f0d7
-
SHA512
5dc19d7d6ab7670ded766f357e481328c8df4a96ac3c2a00194a5ccea8c34bca0e34cfea3d9d17934db384d302446be2fec9853438371561d70580665bffe121
-
SSDEEP
384:7LmAEURVWGSCyo6/NLoqwXEsZmLTdFuoKy:vm1izOlg0ZKy
Score
8/10
-
Downloads MZ/PE file
-
-
-
Target
NanoCore 1.2.2.0/System.Data.SQLite.dll
-
Size
256KB
-
MD5
dd3d6f00b1aba3f1d9338d9727ab5f17
-
SHA1
faf9364a7ab15f27c93a6e6f97fa025030c9dad7
-
SHA256
f0d4beab24e94e61f219df451d90dbba3d0f48539f9b6a448f91e0c94b4e80c4
-
SHA512
0794d850a133a98affe627e3023114b229b982e507d366895ece6a1ef99b42d708554c64b52f0f2ed63673e1c5aeea7e794085d45f0797159e21ba4efdf23cd7
-
SSDEEP
6144:icvnEsATddHqgM69uZ5iFNFGFOFwcGF6cmFWc0FWc8cIcKcUFJFpcNcHc7cbchF1:icvnEygM69uZ8FNFGFOFwcGF6cmFWc0z
Score
8/10
-
Downloads MZ/PE file
-
-
-
Target
NanoCore 1.2.2.0/client.bin
-
Size
130KB
-
MD5
906a949e34472f99ba683eff21907231
-
SHA1
7c5a57af209597fa6c6bce7d1a8016b936d3b0b6
-
SHA256
9d3ea5af7dc261bf93c76f55d702a315aa22fb241e4207dc86cd834c262245c8
-
SHA512
29fd20ae7f1b8bac831c0bb85da4325a62e10961989e14299f5f50776c8f7e669cc1527bf2c3868bd7230e73ac110ba8b1f0491ac0f2923d79d7a2871c7c961d
-
SSDEEP
3072:pzEqV6B1jHa6dtJ10jgvzcgi+oG/j9iaMP2s/HI0AkU:pLV6Bta6dtJmakIM5VU
-
Nanocore family
-
Downloads MZ/PE file
-
Checks whether UAC is enabled
-
-
-
Target
NanoCore 1.2.2.0/client.exe
-
Size
202KB
-
MD5
05134fd89cf94f9126ced96fbd583f7a
-
SHA1
7c7495cac0e4cd44bc30d0c5134e57ab1e727a53
-
SHA256
46af05c6fd5f190ff57c562622d7345f016059e6d8399d3401ded79d61d54089
-
SHA512
b7f6a6f16e664e209095640794f6fb98b8011ed8ae20d6414c675c32ceea94555ca31587fe5c8a470ba86c6edf59aa86161c0651a7a8d808eb1d11ebb9e1debb
-
SSDEEP
3072:wzEqV6B1jHa6dtJ10jgvzcgi+oG/j9iaMP2s/HIDZzhzRWEV9UWlv38SAB:wLV6Bta6dtJmakIM5aFAyUWlv3PAB
-
Nanocore family
-
Downloads MZ/PE file
-
Checks whether UAC is enabled
-
-
-
Target
NanoCore 1.2.2.0/server.exe
-
Size
202KB
-
MD5
b82a881ebc11b0c1100ee726c0b6b6f2
-
SHA1
3daab5cae14c0dfb5a84e42a83c9c1073fb19871
-
SHA256
50dadf81bd1df69948628db113c62c4f08e8c12df21ec59b02aa65a4d593c906
-
SHA512
8ed210a8fd9d1a609830da007ed2e5a63ad5e48393b1859257257273f1ae9703f349d2d81fef075fe1529de2b3acbbd919ca4885bf017f2a058eabbce699f872
-
SSDEEP
3072:wzEqV6B1jHa6dtJ10jgvzcgi+oG/j9iaMP2s/HICAzhzRWEV9UWlv38SAF:wLV6Bta6dtJmakIM5oFAyUWlv3PAF
-
Nanocore family
-
Downloads MZ/PE file
-
Checks whether UAC is enabled
-