General
-
Target
14c4c5e45e22cc971bc21bb95b0b440214d9c418e3d447ee25c0bd6ec0f21d4f
-
Size
519KB
-
Sample
220521-pc3f6sfaf2
-
MD5
e9a0a2ca677fda13916b7a2954685065
-
SHA1
3f663baa0598bd335c24a44d8d3db7565b2b40c8
-
SHA256
14c4c5e45e22cc971bc21bb95b0b440214d9c418e3d447ee25c0bd6ec0f21d4f
-
SHA512
62bf48b852dd0daac4aee2943439c8373c55da236beced8b1597203e9a4782fee3a9cb8fd73245b9bc37e6c691e56fd95e9e9c5c9e0254826db4f577245ced2e
Static task
static1
Behavioral task
behavioral1
Sample
FT20200504 104835457 EMIRATE.exe
Resource
win7-20220414-en
Malware Config
Extracted
nanocore
1.2.2.0
chaya.ddns.net:1960
185.140.53.208:1960
d8052c0f-025c-473b-b040-53a55fb82415
-
activate_away_mode
true
-
backup_connection_host
185.140.53.208
-
backup_dns_server
8.8.4.4
-
buffer_size
65535
-
build_time
2020-01-23T08:36:54.150343836Z
-
bypass_user_account_control
true
-
bypass_user_account_control_data
-
clear_access_control
true
-
clear_zone_identifier
false
-
connect_delay
4000
-
connection_port
1960
-
default_group
Risen One
-
enable_debug_mode
true
-
gc_threshold
10485760 (10 MiB; extracted as 1.048576e+07)
-
keep_alive_timeout
30000
-
keyboard_logging
false
-
lan_timeout
2500
-
max_packet_size
10485760 (10 MiB; extracted as 1.048576e+07)
-
mutex
d8052c0f-025c-473b-b040-53a55fb82415
-
mutex_timeout
5000
-
prevent_system_sleep
false
-
primary_connection_host
chaya.ddns.net
-
primary_dns_server
8.8.8.8
-
request_elevation
true
-
restart_delay
5000
-
run_delay
0
-
run_on_startup
true
-
set_critical_process
true
-
timeout_interval
5000
-
use_custom_dns_server
false
-
version
1.2.2.0
-
wan_timeout
8000
Targets
-
-
Target
FT20200504 104835457 EMIRATE.exe
-
Size
633KB
-
MD5
0b9fffb2575af254598a1921a40c155c
-
SHA1
bd80b6c6e9d6134a4be8e69cd8dd644bbc57dfcc
-
SHA256
7fc1a736c594f6932e35c60e99b984b93280b68a48989683839ac1f25fe17d97
-
SHA512
dc09f18b3d6743f19a4ac5a7b34f4ad001b5ea8b53cf809745ce0e7e4706f0bb0542f72c6f284f9e0156add00dc6e990fe96e189c97511555bf307e2068f5d53
-
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check (behaviour may differ on sandboxes whose locale does not match the intended target region).
-
Drops startup file
-
Suspicious use of SetThreadContext (commonly seen when code is injected into another process, e.g. process hollowing; the target process is not identified in this report)
-