General
-
Target
a8c3d37226a81628b4647e17a2c8fed507505a2854ec3f7b7a28be5ecdae42f9
-
Size
370KB
-
Sample
220520-31227shhc3
-
MD5
f6e251278680f0f2b52e9eda6edf2137
-
SHA1
23d79b14f6d8687c9c3ce95dbc05f28054b309ae
-
SHA256
a8c3d37226a81628b4647e17a2c8fed507505a2854ec3f7b7a28be5ecdae42f9
-
SHA512
14c1a1cffe3414d33c60a10bd70437f0ab30f82017ad845f67bd2b65370bc88fa697c1691f792b280cb92428d89fa30600b191f3b1dcc2f3f6fe07199ce0f8f0
Static task
static1
Behavioral task
behavioral1
Sample
Información confidencial de entrega Chile AD0AhFnh2020.exe
Resource
win7-20220414-en
Malware Config
Extracted
nanocore
1.2.2.0
duckmeat.duckdns.org:5626
127.0.0.1:5626
823e9a21-7dbc-4097-b6d6-cdb0b9b1e84c
-
activate_away_mode
true
-
backup_connection_host
127.0.0.1
-
backup_dns_server
8.8.4.4
-
buffer_size
65535
-
build_time
2020-03-16T12:28:57.030902636Z
-
bypass_user_account_control
true
-
bypass_user_account_control_data
-
clear_access_control
true
-
clear_zone_identifier
true
-
connect_delay
4000
-
connection_port
5626
-
default_group
More
-
enable_debug_mode
true
-
gc_threshold
1.048576e+07
-
keep_alive_timeout
30000
-
keyboard_logging
false
-
lan_timeout
2500
-
max_packet_size
1.048576e+07
-
mutex
823e9a21-7dbc-4097-b6d6-cdb0b9b1e84c
-
mutex_timeout
5000
-
prevent_system_sleep
true
-
primary_connection_host
duckmeat.duckdns.org
-
primary_dns_server
8.8.8.8
-
request_elevation
true
-
restart_delay
5000
-
run_delay
0
-
run_on_startup
true
-
set_critical_process
true
-
timeout_interval
5000
-
use_custom_dns_server
false
-
version
1.2.2.0
-
wan_timeout
8000
Targets
-
-
Target
Información confidencial de entrega Chile AD0AhFnh2020.exe
-
Size
395KB
-
MD5
91525a4a2e396ba3f30e5b583ce3a7ad
-
SHA1
385952cc0201d064322179a2c25cdd1e80a5acd8
-
SHA256
f728252169da3a6dc69cd201835230c017ce37c9a9cd06c1e7daa3153ebc6f80
-
SHA512
40078e0b83b24fb85a2d88174118f1c29280ad0736d36785acdcb4ebd8688a0cadf28d809fb358229c3ad9e5640a93c2ba3f058773f6aa8a3e93c94f4cec6fe0
-
Looks for VirtualBox Guest Additions in registry
-
Looks for VMWare Tools registry key
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Suspicious use of SetThreadContext
-