General
-
Target
999db24537e1f835926ea7da9022de958f7edff9a74ad2c1c00b6be31ce4331c
-
Size
338KB
-
Sample
220521-cybjcshgcl
-
MD5
85b3027b56160280ef38a3ca88975919
-
SHA1
2c4d5096d85fd62608b92525c77696531dfd344e
-
SHA256
999db24537e1f835926ea7da9022de958f7edff9a74ad2c1c00b6be31ce4331c
-
SHA512
fc114fc762073e7a9852597905869319e862b005a1f13e62aff792c124306cc29a6b1740ff72c9d56b616ec47d270beb4ebf957b4763bed41f282f238a25094d
Static task
static1
Behavioral task
behavioral1
Sample
DHL-#AWB130501923096PDF.exe
Resource
win7-20220414-en
Malware Config
Extracted
nanocore
1.2.2.0
185.165.153.247:5678
grace147.ddns.net:5678
bb5979e4-6524-4144-a4bb-47ead86d7eef
-
activate_away_mode
true
-
backup_connection_host
grace147.ddns.net
-
backup_dns_server
8.8.4.4
-
buffer_size
65535
-
build_time
2020-03-07T00:51:33.782958036Z
-
bypass_user_account_control
true
- bypass_user_account_control_data
-
clear_access_control
true
-
clear_zone_identifier
true
-
connect_delay
4000
-
connection_port
5678
-
default_group
GRACE
-
enable_debug_mode
true
-
gc_threshold
1.048576e+07
-
keep_alive_timeout
30000
-
keyboard_logging
false
-
lan_timeout
2500
-
max_packet_size
1.048576e+07
-
mutex
bb5979e4-6524-4144-a4bb-47ead86d7eef
-
mutex_timeout
5000
-
prevent_system_sleep
true
-
primary_connection_host
185.165.153.247
-
primary_dns_server
8.8.8.8
-
request_elevation
true
-
restart_delay
5000
-
run_delay
0
-
run_on_startup
true
-
set_critical_process
true
-
timeout_interval
5000
-
use_custom_dns_server
false
-
version
1.2.2.0
-
wan_timeout
8000
Targets
-
-
Target
DHL-#AWB130501923096PDF.exe
-
Size
414KB
-
MD5
1a4bf9b4501a87d22ad6bfc7abd91daf
-
SHA1
6d9fb911e49b3c97cdb448dbb71513b119484c23
-
SHA256
ff29de48c0798fcecbb3113c5d53229c9250b9950a1336c49c1e21434ef20203
-
SHA512
cd1fb7ab9de8a2ed9a86fce6f51c62a6c802dd03bc3b4795962c498ad12c5aaafc31946a8745f63855b0592167b7310774f4e368b8b650935fdb62ca0afa8e90
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-