General
-
Target
71f5f09ec8f0e4b1296da50a6a4e4e87c10e85aadc1a8261f0c6f2ecde4a5ac5
-
Size
563KB
-
Sample
220521-amk8badddk
-
MD5
929ddd432949a0809329d50896cbd7cc
-
SHA1
01f6eb2d1a897dbc346cbb713df2dbb85918bf28
-
SHA256
71f5f09ec8f0e4b1296da50a6a4e4e87c10e85aadc1a8261f0c6f2ecde4a5ac5
-
SHA512
5e144052f47b123457d346f35af3227546dd9e619f951762ec8184c6edafb2a63e02002be3bcb225a5f72131bbc43909d556b8caa5224e3d9c659d27738d665e
Static task
static1
Behavioral task
behavioral1
Sample
71f5f09ec8f0e4b1296da50a6a4e4e87c10e85aadc1a8261f0c6f2ecde4a5ac5.rar
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
71f5f09ec8f0e4b1296da50a6a4e4e87c10e85aadc1a8261f0c6f2ecde4a5ac5.rar
Resource
win10v2004-20220414-en
Behavioral task
behavioral3
Sample
Payment Confirmation.scr
Resource
win7-20220414-en
Malware Config
Extracted
nanocore
1.2.2.0
harolds.ooguy.com:6051
harold.2waky.com:6051
79556390-7150-4551-9067-10cd33e6482e
-
activate_away_mode
true
-
backup_connection_host
harold.2waky.com
-
backup_dns_server
8.8.4.4
-
buffer_size
65535
-
build_time
2020-04-28T08:36:06.976087436Z
-
bypass_user_account_control
true
- bypass_user_account_control_data
-
clear_access_control
true
-
clear_zone_identifier
false
-
connect_delay
4000
-
connection_port
6051
-
default_group
Acandy
-
enable_debug_mode
true
-
gc_threshold
1.048576e+07
-
keep_alive_timeout
30000
-
keyboard_logging
false
-
lan_timeout
2500
-
max_packet_size
1.048576e+07
-
mutex
79556390-7150-4551-9067-10cd33e6482e
-
mutex_timeout
5000
-
prevent_system_sleep
false
-
primary_connection_host
harolds.ooguy.com
-
primary_dns_server
8.8.8.8
-
request_elevation
true
-
restart_delay
5000
-
run_delay
0
-
run_on_startup
true
-
set_critical_process
true
-
timeout_interval
5000
-
use_custom_dns_server
false
-
version
1.2.2.0
-
wan_timeout
8000
Targets
-
-
Target
71f5f09ec8f0e4b1296da50a6a4e4e87c10e85aadc1a8261f0c6f2ecde4a5ac5
-
Size
563KB
-
MD5
929ddd432949a0809329d50896cbd7cc
-
SHA1
01f6eb2d1a897dbc346cbb713df2dbb85918bf28
-
SHA256
71f5f09ec8f0e4b1296da50a6a4e4e87c10e85aadc1a8261f0c6f2ecde4a5ac5
-
SHA512
5e144052f47b123457d346f35af3227546dd9e619f951762ec8184c6edafb2a63e02002be3bcb225a5f72131bbc43909d556b8caa5224e3d9c659d27738d665e
Score3/10 -
-
-
Target
Payment Confirmation.scr
-
Size
813KB
-
MD5
26325d99df3eeb5f6f39f9eb45ae3bee
-
SHA1
54e06e4ef19e4209c023724a1863cbf752ea67f8
-
SHA256
b8d17b00725d58556c468f413f0825f5ac4fe19734898645d9db2f2f0be5e1af
-
SHA512
8803e0ed820fa0916324169e5ab7f32bc88c4bf0a5b8b400efe5bec8acf1ebad7aec3238713d9be6adbbb59d4652cac4caae281ebc25dc9fa0a864bc3b62a407
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-