General
-
Target
FedEx's AWB#5305323204643 .exe
-
Size
336KB
-
Sample
200712-kxsqght326
-
MD5
e6dcdf7bc25abb220619bd4d2509e333
-
SHA1
ef759030e6a90a74067fac4d0f4f5b69f0da9a02
-
SHA256
38814f6587d098be00d461dae2dfeb01b50e2a697d86bfc02e334024133bfed8
-
SHA512
88d73df12f3990b946c2d7569bf936008245d6e6365c5f29ecc2a2f639e1eb13606f4baa4e0b851060512e8573baa44ca75997408a9b3a3ab3c7c88aa08679af
Static task
static1
Behavioral task
behavioral1
Sample
FedEx's AWB#5305323204643 .exe
Resource
win7
Behavioral task
behavioral2
Sample
FedEx's AWB#5305323204643 .exe
Resource
win10v200430
Malware Config
Extracted
nanocore
1.2.2.0
185.244.30.139:2121
annapro55.ddns.net:2121
912d38da-67db-490c-9c4c-4b7c843ca9fd
-
activate_away_mode
true
-
backup_connection_host
annapro55.ddns.net
-
backup_dns_server
8.8.4.4
-
buffer_size
65535
-
build_time
2020-03-27T00:27:31.421536436Z
-
bypass_user_account_control
true
- bypass_user_account_control_data
-
clear_access_control
true
-
clear_zone_identifier
true
-
connect_delay
4000
-
connection_port
2121
-
default_group
NEW CLIENTS
-
enable_debug_mode
true
-
gc_threshold
1.048576e+07
-
keep_alive_timeout
30000
-
keyboard_logging
false
-
lan_timeout
2500
-
max_packet_size
1.048576e+07
-
mutex
912d38da-67db-490c-9c4c-4b7c843ca9fd
-
mutex_timeout
5000
-
prevent_system_sleep
true
-
primary_connection_host
185.244.30.139
-
primary_dns_server
8.8.8.8
-
request_elevation
true
-
restart_delay
5000
-
run_delay
0
-
run_on_startup
true
-
set_critical_process
true
-
timeout_interval
5000
-
use_custom_dns_server
false
-
version
1.2.2.0
-
wan_timeout
8000
Targets
-
-
Target
FedEx's AWB#5305323204643 .exe
-
Size
336KB
-
MD5
e6dcdf7bc25abb220619bd4d2509e333
-
SHA1
ef759030e6a90a74067fac4d0f4f5b69f0da9a02
-
SHA256
38814f6587d098be00d461dae2dfeb01b50e2a697d86bfc02e334024133bfed8
-
SHA512
88d73df12f3990b946c2d7569bf936008245d6e6365c5f29ecc2a2f639e1eb13606f4baa4e0b851060512e8573baa44ca75997408a9b3a3ab3c7c88aa08679af
-
Suspicious use of SetThreadContext
-