General
-
Target
1dad2a1611e2a00c1515fccad642d3a2d144b2ec98a9ec5990bba15069d2aaf0
-
Size
410KB
-
Sample
220521-bxrzaaffhl
-
MD5
e3267f87a988133558d7604470a196c4
-
SHA1
6cc7c9361bf1320d4ad7c1fb33bc964851b5ebd7
-
SHA256
1dad2a1611e2a00c1515fccad642d3a2d144b2ec98a9ec5990bba15069d2aaf0
-
SHA512
448487f5b0e52671c0031a5ffac56bab864bb9a6795c6908e04da17ec62da5d5c2d075fbb8392517900243fd91d453a8d548327b8bd7886918292502710ec569
Static task
static1
Behavioral task
behavioral1
Sample
INV 25527777 REVIEW 779.exe
Resource
win7-20220414-en
Malware Config
Extracted
nanocore
1.2.2.0
looipoko.loseyourip.com:5088
titiaty.duckdns.org:5088
62d96b8a-7e31-4a94-94dd-9033707313e4
-
activate_away_mode
true
-
backup_connection_host
titiaty.duckdns.org
-
backup_dns_server
8.8.4.4
-
buffer_size
65535
-
build_time
2020-05-14T21:42:17.597528436Z
-
bypass_user_account_control
true
- bypass_user_account_control_data
-
clear_access_control
true
-
clear_zone_identifier
false
-
connect_delay
4000
-
connection_port
5088
-
default_group
ssales
-
enable_debug_mode
true
-
gc_threshold
1.048576e+07
-
keep_alive_timeout
30000
-
keyboard_logging
false
-
lan_timeout
2500
-
max_packet_size
1.048576e+07
-
mutex
62d96b8a-7e31-4a94-94dd-9033707313e4
-
mutex_timeout
5000
-
prevent_system_sleep
false
-
primary_connection_host
looipoko.loseyourip.com
-
primary_dns_server
8.8.8.8
-
request_elevation
true
-
restart_delay
5000
-
run_delay
0
-
run_on_startup
true
-
set_critical_process
true
-
timeout_interval
5000
-
use_custom_dns_server
false
-
version
1.2.2.0
-
wan_timeout
8000
Targets
-
-
Target
INV 25527777 REVIEW 779.exe
-
Size
533KB
-
MD5
d19fe1e1749edf58558c1e2a5e857853
-
SHA1
70da6330ffde9c61b12a8299a4c2a5099126c59e
-
SHA256
9ca497f6231180ec374837cf77e099a25e8c5cffa16c6599739c92ee03a94d34
-
SHA512
0d5d2bc03a186f0421d401e6fdc74a1e546ba5164233da80e431772bba541438249cea0d14539a8f357c0d093f748c822fb1f2216dd34d4d4e7d366c1b1c744b
-
Checks computer location settings
Looks up the country code configured in the registry; likely used for geofencing.
-
Suspicious use of SetThreadContext
-