General
Target: 02e2064a73300f66562cd43dc33d9b07e455084d417ba67a6b31b17ac807e39f
Size: 408KB
Sample: 220521-by3geafgeq
MD5: 63762ff348f4311b7ecac9d91d5b190f
SHA1: 9af7be2255da04824b6fd1ec6a276845926ea991
SHA256: 02e2064a73300f66562cd43dc33d9b07e455084d417ba67a6b31b17ac807e39f
SHA512: bad1ce1731c296452fb94c1f710b54e274ca22a015bffc13e285e0071a1bcbf14882a16dfa7ac7f6ff1a44efe9b2da7fed7c97f3712282dd6b4e5edb459bd22f
Static task: static1
Behavioral task: behavioral1
Sample: Cea mai bună scrisoare Serviciu de curierat Notificare de expediere.exe
Resource: win7-20220414-en
Malware Config
Extracted
nanocore
1.2.2.0
fortyu.duckdns.org:1369
127.0.0.1:1369
d15ef5cc-4794-43a4-bdcf-4c7ad27dbd3b

activate_away_mode: true
backup_connection_host: 127.0.0.1
backup_dns_server: 8.8.4.4
buffer_size: 65535
build_time: 2020-05-10T20:37:06.542613736Z
bypass_user_account_control: true
bypass_user_account_control_data:
clear_access_control: true
clear_zone_identifier: true
connect_delay: 4000
connection_port: 1369
default_group: 40build
enable_debug_mode: true
gc_threshold: 1.048576e+07
keep_alive_timeout: 30000
keyboard_logging: false
lan_timeout: 2500
max_packet_size: 1.048576e+07
mutex: d15ef5cc-4794-43a4-bdcf-4c7ad27dbd3b
mutex_timeout: 5000
prevent_system_sleep: true
primary_connection_host: fortyu.duckdns.org
primary_dns_server: 8.8.8.8
request_elevation: true
restart_delay: 5000
run_delay: 0
run_on_startup: true
set_critical_process: true
timeout_interval: 5000
use_custom_dns_server: false
version: 1.2.2.0
wan_timeout: 8000
Targets
Target: Cea mai bună scrisoare Serviciu de curierat Notificare de expediere.exe
Size: 522KB
MD5: 567f0d332d9c0080fb37513454f6a672
SHA1: 46168e4736ee37c2184e367c07d0e496b40dd456
SHA256: e6249562be8d8ab7fe78437565bc91c6b2aff27365f3fa33272c0f700c683f62
SHA512: d1f97bb6671264ad79954c1fbf75e29f3065eba2c92029776bf5e6de1e8fdaf9b932715f53b7bdb5b3c41ebf6781e9f7f0dc5638a6d834c4c29b4c38ad7bdb2a

Checks computer location settings
Looks up the country code configured in the registry, likely a geofence.

Suspicious use of SetThreadContext