General
-
Target
fbea50770dca0d364d24701e422e9f452cdfe1058e8af664bd25a4e491d4c419
-
Size
1.9MB
-
Sample
220521-xclgnaegaq
-
MD5
6d6cf3ccf592e019f0ba167c890a24bd
-
SHA1
7e2b6eff9c83bee0f898fed3ae09b671bf0ea4ab
-
SHA256
fbea50770dca0d364d24701e422e9f452cdfe1058e8af664bd25a4e491d4c419
-
SHA512
666a1e4cca11b53b28a981317c6a67cfe8a0f4878bf3efae7e9aa957c2aea8d892321f7f048baf1209a1372d3b096f5b35a61e09e85b34cdf116ac75d5e02a61
Static task
static1
Behavioral task
behavioral1
Sample
LIST_OF_.exe
Resource
win7-20220414-en
Malware Config
Extracted
nanocore
1.2.2.0
u852117.nvpn.so:5638
comcasted.duckdns.org:5638
c2752564-42a0-44a1-9f65-f38d35e9ab26
-
activate_away_mode
true
-
backup_connection_host
comcasted.duckdns.org
-
backup_dns_server
8.8.4.4
-
buffer_size
65535
-
build_time
2019-12-31T14:52:32.548938136Z
-
bypass_user_account_control
true
-
bypass_user_account_control_data
-
clear_access_control
true
-
clear_zone_identifier
false
-
connect_delay
4000
-
connection_port
5638
-
default_group
comcasted
-
enable_debug_mode
true
-
gc_threshold
1.048576e+07
-
keep_alive_timeout
30000
-
keyboard_logging
false
-
lan_timeout
2500
-
max_packet_size
1.048576e+07
-
mutex
c2752564-42a0-44a1-9f65-f38d35e9ab26
-
mutex_timeout
5000
-
prevent_system_sleep
false
-
primary_connection_host
u852117.nvpn.so
-
primary_dns_server
8.8.8.8
-
request_elevation
true
-
restart_delay
5000
-
run_delay
0
-
run_on_startup
true
-
set_critical_process
true
-
timeout_interval
5000
-
use_custom_dns_server
false
-
version
1.2.2.0
-
wan_timeout
8000
Targets
-
-
Target
LIST_OF_.EXE
-
Size
1.4MB
-
MD5
65a0b315738fd8a5f7549cdbdea0e856
-
SHA1
c0debf9f9bd13912910863aef3ef869c20b80ab4
-
SHA256
c5fb8844494411c36592bfa4a33e2d47daa7d01f52a6e12632f7865eb3f49024
-
SHA512
be4c41ed6a5faa5bede056d9a79ea716046e9a92f74d053796e0f382c6587e75d06eed6f290d0cef7f43c385ff3fd3b3dd87ce80550e71f4533682e4f4735684
-
Drops startup file
-
Suspicious use of SetThreadContext
-