General
-
Target
52fe19cf1fd62bf14e93b6047ab9a4caa7d4874b0775b2b999829476ccfaacef.7z
-
Size
538KB
-
Sample
220705-vz93esbcgq
-
MD5
18c75b6a9512bacfbaabb11a32fc5631
-
SHA1
4965866109938e8ba426123c30f73541f0548c0d
-
SHA256
ef4bbb5b276316d191667ed6c3344cf5a6d3d7362bcf3f12daca16adfa5f0cb9
-
SHA512
71adcea60cf070c4be3f188d616c4eef45ddeb5ca8e706111d175566ebff1242a9705b9dc1197b30df713e25ad32ca260a392d5b7f39e93d44e7634272602a86
Static task
static1
Behavioral task
behavioral1
Sample
52fe19cf1fd62bf14e93b6047ab9a4caa7d4874b0775b2b999829476ccfaacef.exe
Resource
win7-20220414-en
Malware Config
Extracted
nanocore
1.2.2.0
172.94.42.77:54983
fa062181-d17f-4771-b853-56ad4122293b
-
activate_away_mode
true
-
backup_connection_host
172.94.42.77
-
backup_dns_server
8.8.4.4
-
buffer_size
65535
-
build_time
2022-04-16T19:45:17.991100336Z
-
bypass_user_account_control
true
-
bypass_user_account_control_data
-
clear_access_control
true
-
clear_zone_identifier
false
-
connect_delay
4000
-
connection_port
54983
-
default_group
Default
-
enable_debug_mode
true
-
gc_threshold
1.048576e+07
-
keep_alive_timeout
30000
-
keyboard_logging
false
-
lan_timeout
2500
-
max_packet_size
1.048576e+07
-
mutex
fa062181-d17f-4771-b853-56ad4122293b
-
mutex_timeout
5000
-
prevent_system_sleep
false
-
primary_connection_host
172.94.42.77
-
primary_dns_server
8.8.8.8
-
request_elevation
true
-
restart_delay
5000
-
run_delay
0
-
run_on_startup
false
-
set_critical_process
true
-
timeout_interval
5000
-
use_custom_dns_server
false
-
version
1.2.2.0
-
wan_timeout
8000
Targets
-
-
Target
52fe19cf1fd62bf14e93b6047ab9a4caa7d4874b0775b2b999829476ccfaacef.exe
-
Size
863KB
-
MD5
c2720ce6cc0f31551a6cef74c8dfc79e
-
SHA1
d12f85204042be1a50dc6d876dfd603a00baf0bc
-
SHA256
52fe19cf1fd62bf14e93b6047ab9a4caa7d4874b0775b2b999829476ccfaacef
-
SHA512
b15474ba548d4c1e180590291f45a7bc73832ebb392a3a837b32df0acf008e093cb9dc62fea3912c1d25d9c8460015cbd1379370ed34cd84d1f4e7d21bb167bd
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-