General
-
Target
7650016126.zip
-
Size
516KB
-
Sample
220623-rm5emagbe2
-
MD5
d048c48b5aac7ace6bfa32be672335df
-
SHA1
84b8582bebf17d80fc8a7956a1d2dab80de45763
-
SHA256
d1fc1a2301ebe51fdb5dc66ef24542eef3ce0e717e44ad117f6793d1b54ec6f1
-
SHA512
b6a97aac1b5e1b96fa030435d51c67bbe54ea0ebe5e40a2afa556442e47cb3a0dd320b0ee89ee1fc62d07910cc45b9096283ef6a65770a87a31baa22c834a2af
Static task
static1
Behavioral task
behavioral1
Sample
bc49d502de62f3fce11bf902ef9986cdf6f9b58f5a83df8a1e0e24cc07a75d64.exe
Resource
win7-20220414-en
Malware Config
Extracted
nanocore
1.2.2.0
kfinance86.duckdns.org:58211
127.0.0.1:58211
26298613-1d27-45c6-a5ac-1318c6fa4aea
-
activate_away_mode
true
-
backup_connection_host
127.0.0.1
-
backup_dns_server
8.8.4.4
-
buffer_size
65535
-
build_time
2022-02-01T08:45:20.087962536Z
-
bypass_user_account_control
true
-
bypass_user_account_control_data
-
clear_access_control
true
-
clear_zone_identifier
false
-
connect_delay
4000
-
connection_port
58211
-
default_group
OzzBin
-
enable_debug_mode
true
-
gc_threshold
1.048576e+07
-
keep_alive_timeout
30000
-
keyboard_logging
false
-
lan_timeout
2500
-
max_packet_size
1.048576e+07
-
mutex
26298613-1d27-45c6-a5ac-1318c6fa4aea
-
mutex_timeout
5000
-
prevent_system_sleep
false
-
primary_connection_host
kfinance86.duckdns.org
-
primary_dns_server
8.8.8.8
-
request_elevation
true
-
restart_delay
5000
-
run_delay
0
-
run_on_startup
true
-
set_critical_process
false
-
timeout_interval
5055
-
use_custom_dns_server
false
-
version
1.2.2.0
-
wan_timeout
8011
Targets
-
-
Target
bc49d502de62f3fce11bf902ef9986cdf6f9b58f5a83df8a1e0e24cc07a75d64
-
Size
545KB
-
MD5
d01832e8a81cd26f855b17c44cdea225
-
SHA1
fe37446969422253417cb24ad16545363460c222
-
SHA256
bc49d502de62f3fce11bf902ef9986cdf6f9b58f5a83df8a1e0e24cc07a75d64
-
SHA512
08248e3b5932b20212127eabbee20218bfeef7444a30beffa01b2703881ee79ec93b8ab639980e45ab9be4e81ade1f700aef87b69b7be1cbe042484c49c2ddfd
-
Checks computer location settings
Looks up the country code configured in the registry, likely used as a geofence check.
-
Suspicious use of SetThreadContext
-