General
-
Target
BFSV-1F(N)_1B-8B_ANSI.exe
-
Size
338KB
-
Sample
210108-fm8tqr8p82
-
MD5
36f13aad903e851544fe137feca3435b
-
SHA1
776d3d7e39a8b3e72e2e9b5c36a615e3157d05ad
-
SHA256
41617ac4431c229ba27bf94617b465309e7f502ae5088cd12ee571a0428ea120
-
SHA512
77a68e34a1bbf2360f8473368a0e3fd9c54567477a29561980851b82bd8ac1655919a109d6d4456a67bd633ef436fcf4697fc77d17e03e701d36ee7b82f296e6
Static task
static1
Behavioral task
behavioral1
Sample
BFSV-1F(N)_1B-8B_ANSI.exe
Resource
win7v20201028
Malware Config
Extracted
nanocore
1.2.2.0
45.138.49.96:9999
127.0.0.1:9999
c9506c35-7fc9-4302-a06c-3e362d7043e7
-
activate_away_mode
true
-
backup_connection_host
127.0.0.1
-
backup_dns_server
8.8.4.4
-
buffer_size
65535
-
build_time
2020-10-09T09:41:16.640477036Z
-
bypass_user_account_control
true
- bypass_user_account_control_data
-
clear_access_control
true
-
clear_zone_identifier
false
-
connect_delay
4000
-
connection_port
9999
-
default_group
Default
-
enable_debug_mode
true
-
gc_threshold
1.048576e+07
-
keep_alive_timeout
30000
-
keyboard_logging
false
-
lan_timeout
2500
-
max_packet_size
1.048576e+07
-
mutex
c9506c35-7fc9-4302-a06c-3e362d7043e7
-
mutex_timeout
5000
-
prevent_system_sleep
false
-
primary_connection_host
45.138.49.96
-
primary_dns_server
8.8.8.8
-
request_elevation
true
-
restart_delay
5000
-
run_delay
0
-
run_on_startup
true
-
set_critical_process
true
-
timeout_interval
5000
-
use_custom_dns_server
false
-
version
1.2.2.0
-
wan_timeout
8000
Targets
-
-
Target
BFSV-1F(N)_1B-8B_ANSI.exe
-
Size
338KB
-
MD5
36f13aad903e851544fe137feca3435b
-
SHA1
776d3d7e39a8b3e72e2e9b5c36a615e3157d05ad
-
SHA256
41617ac4431c229ba27bf94617b465309e7f502ae5088cd12ee571a0428ea120
-
SHA512
77a68e34a1bbf2360f8473368a0e3fd9c54567477a29561980851b82bd8ac1655919a109d6d4456a67bd633ef436fcf4697fc77d17e03e701d36ee7b82f296e6
-
NirSoft MailPassView
Password recovery tool for various email clients
-
Nirsoft
-
Uses the VBS compiler for execution
-
Suspicious use of SetThreadContext
-