General
-
Target
529284163b83ea0c902f6676293c7b4ff5289cfba576a504a43b6e5610a93078
-
Size
484KB
-
Sample
220521-n23b2aeec6
-
MD5
ad09740294520b7164122e8d72d95f8a
-
SHA1
d19b67d7d981b944cefd6bc90a0f5da91ba11dbe
-
SHA256
529284163b83ea0c902f6676293c7b4ff5289cfba576a504a43b6e5610a93078
-
SHA512
c7327bc3c06eec7476ca149b5572a2cfe519f34326c2cb43c4ab3004d10b70e38ea1965569cfe9caeab6d1a0588fe062f212d7372aee533a7f34516cea1ffc1a
Static task
static1
Behavioral task
behavioral1
Sample
invoice copy.pdf.exe
Resource
win7-20220414-en
Malware Config
Extracted
nanocore
1.2.2.0
weddinglight.ddns.net:4040
0786f2c0-e128-4479-a9aa-d40c52591ebf
-
activate_away_mode
true
-
backup_connection_host
-
backup_dns_server
8.8.4.4
-
buffer_size
65535
-
build_time
2020-04-25T20:55:59.623925336Z
-
bypass_user_account_control
true
-
bypass_user_account_control_data
-
clear_access_control
true
-
clear_zone_identifier
false
-
connect_delay
4000
-
connection_port
4040
-
default_group
wedding
-
enable_debug_mode
true
-
gc_threshold
1.048576e+07
-
keep_alive_timeout
30000
-
keyboard_logging
false
-
lan_timeout
2500
-
max_packet_size
1.048576e+07
-
mutex
0786f2c0-e128-4479-a9aa-d40c52591ebf
-
mutex_timeout
5000
-
prevent_system_sleep
false
-
primary_connection_host
weddinglight.ddns.net
-
primary_dns_server
8.8.8.8
-
request_elevation
true
-
restart_delay
5000
-
run_delay
0
-
run_on_startup
true
-
set_critical_process
true
-
timeout_interval
5000
-
use_custom_dns_server
false
-
version
1.2.2.0
-
wan_timeout
8000
Targets
-
-
Target
invoice copy.pdf.exe
-
Size
935KB
-
MD5
8b2f9a3638a60c5cc706ad212528784d
-
SHA1
5289963f790c86ec11f85948197fa132d70d6f38
-
SHA256
4de6466841226eea95bef6fe6868d1c3d5808d8fafa3449e333f0b6d03253c84
-
SHA512
e868d26932365d1c170148d1f02b298c1bd561cea91b965724441440f122861a76c5112855cf056ed0c4fc77da2e733f4793555453af1d3bb39146dc8cab4156
-
Suspicious use of SetThreadContext
-