1092-65-0x0000000000400000-0x000000000043A000-memory.dmp

General

Target: 1092-65-0x0000000000400000-0x000000000043A000-memory.dmp
Size: 232KB
Sample: 220514-rr3ftscfbm
Score: 10/10
MD5: de9a29ccb7a4654d7f549691bd9d01b9
SHA1: 75f453dc69df3b54aeae22e25ebd1d7e75c5942c
SHA256: bf2d8dc5c549e92383d5bc1051a4e436b82c7d06288c1cc776d13719c77e7d28
SHA512: ce9d79e81b9868fbcf1772297a20466d8859491da6f3800ffcc72d1e940cedc56c56d3aa0a04ab11e96acbb3cd12487d861d5bed591cdeb5af33da0a9eb40e2d

Malware Config

Extracted

Family: nanocore
Version: 1.2.2.0
C2:
  194.5.98.208:50720
  suchwoni13.ddns.net:50720

Attributes

activate_away_mode: true
backup_connection_host: suchwoni13.ddns.net
backup_dns_server: 8.8.4.4
buffer_size: 65535
build_time: 2021-06-29T08:36:20.191838936Z
bypass_user_account_control: true
bypass_user_account_control_data:
clear_access_control: false
clear_zone_identifier: true
connect_delay: 4000
connection_port: 50720
default_group: PUNK44
enable_debug_mode: true
gc_threshold: 1.0485779e+07
keep_alive_timeout: 30000
keyboard_logging: false
lan_timeout: 2500
max_packet_size: 1.0485779e+07
mutex: b96b95d9-5642-498b-b1fc-e921a47a2e5a
mutex_timeout: 5000
prevent_system_sleep: false
primary_connection_host: 194.5.98.208
primary_dns_server: 8.8.8.8
request_elevation: true
restart_delay: 5009
run_delay: 0
run_on_startup: false
set_critical_process: false
timeout_interval: 5008
use_custom_dns_server: false
version: 1.2.2.0
wan_timeout: 8000
Targets

Target: 1092-65-0x0000000000400000-0x000000000043A000-memory.dmp
MD5: de9a29ccb7a4654d7f549691bd9d01b9
Filesize: 232KB
Score: 1/10
SHA1: 75f453dc69df3b54aeae22e25ebd1d7e75c5942c
SHA256: bf2d8dc5c549e92383d5bc1051a4e436b82c7d06288c1cc776d13719c77e7d28
SHA512: ce9d79e81b9868fbcf1772297a20466d8859491da6f3800ffcc72d1e940cedc56c56d3aa0a04ab11e96acbb3cd12487d861d5bed591cdeb5af33da0a9eb40e2d
Related Tasks

MITRE ATT&CK Matrix

Tasks

static1: 10/10
behavioral1: 1/10
behavioral2: 1/10