General
-
Target
e13b24cda6737f13b2dc3f2c20d8823b.exe
-
Size
531KB
-
Sample
211026-pk2vlshdc2
-
MD5
e13b24cda6737f13b2dc3f2c20d8823b
-
SHA1
b58a2436a4befb5b7465153a72f64fd17531644c
-
SHA256
f8ee546f04fa175fa9a8b1f3de8595bd0a4f6aebfeed50a95c5e309d49063e1e
-
SHA512
c8fd34d209a8659638e349a86fc39f76a11ee0a7a74afb4db479d7c00a6442194a3e3ff9aae41efb6acd065f2cf665342fd523aa19fe69cb95b0178f903b734c
Static task
static1
Behavioral task
behavioral1
Sample
e13b24cda6737f13b2dc3f2c20d8823b.exe
Resource
win7-en-20210920
Malware Config
Extracted
Family: nanocore
Version: 1.2.2.0
Primary connection host and port (see primary_connection_host / connection_port below): chongmei33.publicvm.com:5569
Mutex: 9b8ed064-d4db-4d21-985f-e3763341fef1
-
activate_away_mode
true
-
backup_connection_host
chongmei33.publicvm.com
-
backup_dns_server
8.8.4.4
-
buffer_size
65535
-
build_time
2021-07-27T15:56:15.517725036Z
-
bypass_user_account_control
true
-
bypass_user_account_control_data
(no value shown on this page)
-
clear_access_control
true
-
clear_zone_identifier
false
-
connect_delay
4000
-
connection_port
5569
-
default_group
OCT
-
enable_debug_mode
true
-
gc_threshold
1.048576e+07
-
keep_alive_timeout
30000
-
keyboard_logging
false
-
lan_timeout
2500
-
max_packet_size
1.048576e+07
-
mutex
9b8ed064-d4db-4d21-985f-e3763341fef1
-
mutex_timeout
5000
-
prevent_system_sleep
false
-
primary_connection_host
chongmei33.publicvm.com
-
primary_dns_server
8.8.8.8
-
request_elevation
true
-
restart_delay
5000
-
run_delay
0
-
run_on_startup
true
-
set_critical_process
true
-
timeout_interval
5000
-
use_custom_dns_server
false
-
version
1.2.2.0
-
wan_timeout
8000
Targets
-
-
Target
e13b24cda6737f13b2dc3f2c20d8823b.exe
-
Size
531KB
-
MD5
e13b24cda6737f13b2dc3f2c20d8823b
-
SHA1
b58a2436a4befb5b7465153a72f64fd17531644c
-
SHA256
f8ee546f04fa175fa9a8b1f3de8595bd0a4f6aebfeed50a95c5e309d49063e1e
-
SHA512
c8fd34d209a8659638e349a86fc39f76a11ee0a7a74afb4db479d7c00a6442194a3e3ff9aae41efb6acd065f2cf665342fd523aa19fe69cb95b0178f903b734c
-
Adds a Run key to start the application (persistence; consistent with run_on_startup = true in the extracted config)
-
Suspicious use of SetThreadContext
-