Sandbox analysis report (Joe Sandbox; the field labels were lost in extraction and are restored below from the standard report layout; values that could not be placed with confidence are listed unlabeled at the end of this section)

Sandbox version: 32.0.0 Black Diamond
Product: CloudBasic
Analysis ID: 403760
Start time: 11:44:31
Start date: 04/05/2021
Sample file name: Copy#.exe
Cookbook file name: default.jbs
Analysis system: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Platform: WINDOWS
Sample MD5: af64699ae611bd9008f11e0a087c4947
Sample SHA1: 42ffd0c3e267a347ec09a176fd81556bd5cd39b7
Sample SHA256: 501a63b52b27b41d2f100a37d38b3b5961b8e18298ed32104c7fc2323150eb5c
File type (TrID): Win32 Executable (generic) Net Framework (10011505/4) 50.01%

Unlabeled values, in report order: IR; true; false; false; false; 100; 0; 100; 5; 0; 5; false
Dropped files (path, boolean flag whose column header was lost in extraction, MD5, SHA1, SHA256)

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Copy#.exe.log
  flag: true
  MD5: 338D0004A254F4F1EB5A622B3FAF7E88
  SHA1: 9583DBB0574416109507127BF9B8E153690B8C46
  SHA256: 3A7D5065DF406B210D72D7A927C2DE7F5A6F83B286D2C9915EDEB9A055C8C9D8

C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\catalog.dat
  flag: false
  MD5: 838CD9DBC78EA45A5406EAE23962086D
  SHA1: C8273AACDEE03AC0CDCDDBAA83F51D04D6A4203C
  SHA256: 6E11A62511C5BBC0413128305069B780C448684B54FAA3E8DD0B4FD3DB8C9867

C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat
  flag: true
  MD5: 5B00DB96B89970CBDDCAEBBFA6AD4D58
  SHA1: B08F9D9D8C046B29B4A560E33D88F67C2F571FB4
  SHA256: D7C9437C80F95CCABB2F6BB0F20C3D098C2483BD3E1001026D52A4E73E1F3A69

C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\settings.bin
  flag: false
  MD5: 4E5E92E2369688041CC82EF9650EDED2
  SHA1: 15E44F2F3194EE232B44E9684163B6F66472C862
  SHA256: F8098A6290118F2944B9E7C842BD014377D45844379F863B00D54515A8A64B48

C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\storage.dat
  flag: false
  MD5: 7E8F4A764B981D5B82D1CC49D341E9C6
  SHA1: D9F0685A028FB219E1A6286AEFB7D6FCFC778B85
  SHA256: 0BD3AAC12623520C4E2031C8B96B4A154702F36F97F643158E91E987D317B480
Network

C2 URLs / IPs found in malware configuration: 103.28.70.172

Triggered signatures

- Connects to many ports of the same IP (likely port scanning)
- Hides that the sample has been downloaded from the Internet (zone.identifier)
- Injects a PE file into a foreign process
- Machine Learning detection for sample
- Detected Nanocore Rat
- Found malware configuration
- Malicious sample detected (through community Yara rule)
- Sigma detected: NanoCore
- Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
- Yara detected Nanocore RAT
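The following is an added example, not part of the sandbox report, of turning the indicators above into a host sweep: it matches file-write and network-connection telemetry against the dropped-file hashes, the C2 address, and the "many ports on one IP" behaviour the report flags. The event record layout and the telemetry it runs over are constructed for illustration. One deliberate generalisation beyond the report is an assumption: the GUID-named folder under AppData\Roaming is treated as per-infection, so the path check accepts any GUID folder holding one of the four data files rather than only D06ED635-68F6-4E9A-955C-4899F5F57B9A.

```python
# Added example, not part of the sandbox report: sweep host telemetry for the
# indicators the report lists. Event records and the sample telemetry below are
# constructed for illustration.
import re

# Indicators copied from the report (hashes lower-cased for comparison).
SAMPLE_SHA256 = "501a63b52b27b41d2f100a37d38b3b5961b8e18298ed32104c7fc2323150eb5c"
DROPPED_SHA256 = {
    "3a7d5065df406b210d72d7a927c2de7f5a6f83b286d2c9915edeb9a055c8c9d8": "Copy#.exe.log",
    "6e11a62511c5bbc0413128305069b780c448684b54faa3e8dd0b4fd3db8c9867": "catalog.dat",
    "d7c9437c80f95ccabb2f6bb0f20c3d098c2483bd3e1001026d52a4e73e1f3a69": "run.dat",
    "f8098a6290118f2944b9e7c842bd014377d45844379f863b00d54515a8a64b48": "settings.bin",
    "0bd3aac12623520c4e2031c8b96b4a154702f36f97f643158e91e987d317b480": "storage.dat",
}
C2_IP = "103.28.70.172"

# Assumption that generalises beyond the report: the GUID folder name under
# AppData\Roaming is per-infection, so match any GUID folder that holds one of
# the four data files rather than the single GUID the sandbox observed.
GUID_DIR_RE = re.compile(
    r"\\AppData\\Roaming\\"
    r"[0-9A-F]{8}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{12}\\"
    r"(catalog\.dat|run\.dat|settings\.bin|storage\.dat)$",
    re.IGNORECASE,
)


def match_event(ev):
    """Return (rule, detail) hits for one file_write or net_connect event."""
    hits = []
    if ev["type"] == "file_write":
        digest = ev.get("sha256", "").lower()
        if digest == SAMPLE_SHA256:
            hits.append(("known_sample_hash", ev["path"]))
        elif digest in DROPPED_SHA256:
            hits.append(("known_dropped_file_hash", DROPPED_SHA256[digest]))
        # Path-based check still fires when file content (and so the hash)
        # differs from what the sandbox saw.
        if GUID_DIR_RE.search(ev["path"]):
            hits.append(("nanocore_guid_dir_artifact", ev["path"]))
    elif ev["type"] == "net_connect":
        if ev["dst_ip"] == C2_IP:
            hits.append(("c2_ip_contact", "%s:%d" % (ev["dst_ip"], ev["dst_port"])))
    return hits


def port_fanout(events, threshold=5):
    """Destination IPs contacted on at least `threshold` distinct ports
    (the 'connects to many ports of the same IP' behaviour)."""
    ports = {}
    for ev in events:
        if ev["type"] == "net_connect":
            ports.setdefault(ev["dst_ip"], set()).add(ev["dst_port"])
    return {ip: sorted(p) for ip, p in ports.items() if len(p) >= threshold}


def sweep(events, fanout_threshold=5):
    """Run every check over the event list and return all findings."""
    findings = []
    for ev in events:
        findings.extend(match_event(ev))
    for ip, ports in port_fanout(events, fanout_threshold).items():
        findings.append(("many_ports_same_ip", "%s -> %d ports" % (ip, len(ports))))
    return findings


# Constructed telemetry: one infected host plus benign noise. The GUID below is
# made up and deliberately differs from the one in the report.
INFECTED_DIR = r"C:\Users\alice\AppData\Roaming\7B1C9A3E-2D4F-4A6B-9C8D-1E2F3A4B5C6D"
EVENTS = [
    {"type": "file_write", "path": INFECTED_DIR + r"\run.dat",
     "sha256": "D7C9437C80F95CCABB2F6BB0F20C3D098C2483BD3E1001026D52A4E73E1F3A69"},
    {"type": "file_write", "path": INFECTED_DIR + r"\settings.bin",
     "sha256": "0" * 64},                      # unknown hash, path still matches
    {"type": "file_write", "path": r"C:\Users\alice\Documents\report.docx",
     "sha256": "1" * 64},                      # benign
    {"type": "net_connect", "dst_ip": "8.8.8.8", "dst_port": 53},   # benign
] + [
    {"type": "net_connect", "dst_ip": C2_IP, "dst_port": p}
    for p in (1604, 3535, 5353, 6666, 8080)
]

if __name__ == "__main__":
    for rule, detail in sweep(EVENTS):
        print(rule, detail)
```

Hash matching alone would miss the settings.bin write above because its content differs from the sandbox copy; the path rule is what catches it. The fan-out threshold of 5 is a placeholder to tune against your own baseline, since a single C2 beacon on one port will not trip it.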