General
-
Target
a019d69d5d9c1785aaf4a66574d7bfad67352692f10b1431101a437f1897037a
-
Size
1.2MB
-
Sample
220520-2sl6caahhj
-
MD5
c3a109db61a463afa825ad39607d73a0
-
SHA1
abd7e61611412be7dbd6f038c07051730ef64154
-
SHA256
a019d69d5d9c1785aaf4a66574d7bfad67352692f10b1431101a437f1897037a
-
SHA512
71969965b5aa567d493d176b57ad8ce1ec02a4f55e039a49cf179df577235ae0b3d54215a8d4aab3b29fbde28cd4ffb9105e1851a4211339606a41d3ef1aa71f
Static task
static1
Behavioral task
behavioral1
Sample
PAYMENT.exe
Resource
win7-20220414-en
Malware Config
Extracted
nanocore
1.2.2.0
u852117.nvpn.to:5638
c20191a5-cd52-4887-8771-2d1dca5667b7
-
activate_away_mode
true
-
backup_connection_host
u852117.nvpn.to
-
backup_dns_server
8.8.4.4
-
buffer_size
65535
-
build_time
2020-03-19T15:09:07.734275836Z
-
bypass_user_account_control
true
-
bypass_user_account_control_data
-
clear_access_control
true
-
clear_zone_identifier
false
-
connect_delay
4000
-
connection_port
5638
-
default_group
BEGINS
-
enable_debug_mode
true
-
gc_threshold
1.048576e+07
-
keep_alive_timeout
30000
-
keyboard_logging
false
-
lan_timeout
2500
-
max_packet_size
1.048576e+07
-
mutex
c20191a5-cd52-4887-8771-2d1dca5667b7
-
mutex_timeout
5000
-
prevent_system_sleep
false
-
primary_connection_host
u852117.nvpn.to
-
primary_dns_server
8.8.8.8
-
request_elevation
true
-
restart_delay
5000
-
run_delay
0
-
run_on_startup
true
-
set_critical_process
true
-
timeout_interval
5000
-
use_custom_dns_server
false
-
version
1.2.2.0
-
wan_timeout
8000
Targets
-
-
Target
PAYMENT.EXE
-
Size
257KB
-
MD5
64cdb9571a5bcc21cecfae8df3a4312a
-
SHA1
32dd2730e8af9476bc88a0620657f9d9970a7680
-
SHA256
3da452ae8e1e1feb7546b7ff0dedecab241b19a26ff2fd4f693de266286747cc
-
SHA512
feabee621b79bccc3d1dd97555bd6864ac1d5c28d19124e7ab72fad1300541e11256b7547905e1ac71d48880f1738762a0567543ecf2479e03c102346ad3adcc
-
Suspicious use of SetThreadContext
-