General
-
Target (submitted sample, identified by its SHA256)
f866833ab442929e34536a128184bceafe1715499777a61244323551742bf4ee
-
Size
2.2MB
-
Sample
220521-xb94maefhm
-
MD5
4c0b0a3028dcb0cb3015b4691c64c0b2
-
SHA1
f8726da87ee112ed109245c39c8401678127e039
-
SHA256
f866833ab442929e34536a128184bceafe1715499777a61244323551742bf4ee
-
SHA512
0b00559673d934c6015ed6b698aeec9e66df155de25b6b6ee3e8dd4729ebedcd65b55b7beb7a2d0d667adacffa610692c9616ded900b14b06a468a0f2602a1c3
Static task
static1
Behavioral task
behavioral1
Sample
ENQUIRY_.exe
Resource (sandbox analysis image the behavioral task ran on)
win7-20220414-en
Malware Config
Extracted (family, version, C2 endpoints and mutex, as detailed in the key/value list below)
nanocore
1.2.2.0
u852117.nvpn.so:5638 (primary connection host and port)
comcasted.duckdns.org:5638 (backup connection host and port; duckdns.org is a dynamic-DNS domain, so the resolved IP should be treated as volatile)
c2752564-42a0-44a1-9f65-f38d35e9ab26 (mutex)
-
activate_away_mode
true
-
backup_connection_host
comcasted.duckdns.org
-
backup_dns_server
8.8.4.4
-
buffer_size
65535
-
build_time
2019-12-31T14:52:32.548938136Z
-
bypass_user_account_control
true
-
bypass_user_account_control_data
(no value shown in the extracted configuration)
-
clear_access_control
true
-
clear_zone_identifier
false
-
connect_delay
4000
-
connection_port
5638
-
default_group
comcasted
-
enable_debug_mode
true
-
gc_threshold
10485760 (10 MiB; rendered in the source as 1.048576e+07)
-
keep_alive_timeout
30000
-
keyboard_logging
false
-
lan_timeout
2500
-
max_packet_size
10485760 (10 MiB; rendered in the source as 1.048576e+07)
-
mutex
c2752564-42a0-44a1-9f65-f38d35e9ab26
-
mutex_timeout
5000
-
prevent_system_sleep
false
-
primary_connection_host
u852117.nvpn.so
-
primary_dns_server
8.8.8.8
-
request_elevation
true
-
restart_delay
5000
-
run_delay
0
-
run_on_startup
true
-
set_critical_process (NOTE for responders: if this maps to the usual Windows critical-process flag, terminating the implant process may crash the host; prefer suspending or isolating the machine over killing the process — confirm before acting)
true
-
timeout_interval
5000
-
use_custom_dns_server
false
-
version
1.2.2.0
-
wan_timeout
8000
Targets
-
-
Target (note: the hashes below differ from the submitted sample above, so this is a distinct file observed during analysis — presumably an unpacked or dropped stage; confirm against the task artifacts)
ENQUIRY_.EXE
-
Size
1.7MB
-
MD5
a2301e5f6bb76e888d242c4a6a49af47
-
SHA1
680dd9446633c37b09e2bc0542d86628ececc397
-
SHA256
51b15f2f55025fe7eff1ee4a4f5a2bedc616f3e0fc678a01a108d52c41e693ec
-
SHA512
4fe8ddb24f2ddc44250f8efeb72c556559c5568808cc310bc6154da705405044071416ed2d5ee263b4a209ab1f864bd3f2d14493553d370c8666d652328e5fe6
-
Drops startup file (persistence behavior, consistent with run_on_startup = true in the extracted configuration)
-
Suspicious use of SetThreadContext (an API commonly associated with process injection / hollowing; the report does not identify the target process)
-