General
-
Target
1092-65-0x0000000000400000-0x000000000043A000-memory.dmp
-
Size
232KB
-
Sample
220514-rr3ftscfbm
-
MD5
de9a29ccb7a4654d7f549691bd9d01b9
-
SHA1
75f453dc69df3b54aeae22e25ebd1d7e75c5942c
-
SHA256
bf2d8dc5c549e92383d5bc1051a4e436b82c7d06288c1cc776d13719c77e7d28
-
SHA512
ce9d79e81b9868fbcf1772297a20466d8859491da6f3800ffcc72d1e940cedc56c56d3aa0a04ab11e96acbb3cd12487d861d5bed591cdeb5af33da0a9eb40e2d
Malware Config
Extracted
nanocore
1.2.2.0
194.5.98.208:50720
suchwoni13.ddns.net:50720
b96b95d9-5642-498b-b1fc-e921a47a2e5a
-
activate_away_mode
true
-
backup_connection_host
suchwoni13.ddns.net
-
backup_dns_server
8.8.4.4
-
buffer_size
65535
-
build_time
2021-06-29T08:36:20.191838936Z
-
bypass_user_account_control
true
- bypass_user_account_control_data
-
clear_access_control
false
-
clear_zone_identifier
true
-
connect_delay
4000
-
connection_port
50720
-
default_group
PUNK44
-
enable_debug_mode
true
-
gc_threshold
1.0485779e+07
-
keep_alive_timeout
30000
-
keyboard_logging
false
-
lan_timeout
2500
-
max_packet_size
1.0485779e+07
-
mutex
b96b95d9-5642-498b-b1fc-e921a47a2e5a
-
mutex_timeout
5000
-
prevent_system_sleep
false
-
primary_connection_host
194.5.98.208
-
primary_dns_server
8.8.8.8
-
request_elevation
true
-
restart_delay
5009
-
run_delay
0
-
run_on_startup
false
-
set_critical_process
false
-
timeout_interval
5008
-
use_custom_dns_server
false
-
version
1.2.2.0
-
wan_timeout
8000
Targets
-
-
Target
1092-65-0x0000000000400000-0x000000000043A000-memory.dmp
-
Size
232KB
-
MD5
de9a29ccb7a4654d7f549691bd9d01b9
-
SHA1
75f453dc69df3b54aeae22e25ebd1d7e75c5942c
-
SHA256
bf2d8dc5c549e92383d5bc1051a4e436b82c7d06288c1cc776d13719c77e7d28
-
SHA512
ce9d79e81b9868fbcf1772297a20466d8859491da6f3800ffcc72d1e940cedc56c56d3aa0a04ab11e96acbb3cd12487d861d5bed591cdeb5af33da0a9eb40e2d
Score1/10 -