General
-
Target
812-63-0x0000000000400000-0x0000000000438000-memory.dmp
-
Size
224KB
-
Sample
220912-j5p4nagfcq
-
MD5
a529a3ac6fa71f1eafd74b4f41d78165
-
SHA1
9dc158a3a889c434d2d48cc04d949034b282db38
-
SHA256
1a6d74781de19e2fded570e5c955a8a9cb2721a254605dd6ee9ff0eb5cc2f844
-
SHA512
d043abe4c3f18233c0d64b669a359fac1058aa3877a1d1757d9981d313084b75a83abb288d4b104c9e1471b73c426639b3d85a039e455f50981dec4520b72b8c
-
SSDEEP
6144:iLV6Bta6dtJmakIM50ch5V7lyc3E96/evBaLH8QA:iLV6BtpmkWv7l/y62ajBA
Malware Config
Extracted
nanocore
1.2.2.0
systen32.ddns.net:54980
office365update.duckdns.org:54980
41b88ccb-be7c-4bd4-ae12-8d3a967819f0
-
activate_away_mode
true
-
backup_connection_host
office365update.duckdns.org
-
backup_dns_server
8.8.4.4
-
buffer_size
65535
-
build_time
2018-09-17T20:29:45.244980036Z
-
bypass_user_account_control
true
- bypass_user_account_control_data
-
clear_access_control
true
-
clear_zone_identifier
true
-
connect_delay
4000
-
connection_port
54980
-
default_group
****|*****
-
enable_debug_mode
true
-
gc_threshold
1.048576e+07
-
keep_alive_timeout
30000
-
keyboard_logging
false
-
lan_timeout
2500
-
max_packet_size
1.048576e+07
-
mutex
41b88ccb-be7c-4bd4-ae12-8d3a967819f0
-
mutex_timeout
5000
-
prevent_system_sleep
true
-
primary_connection_host
systen32.ddns.net
-
primary_dns_server
8.8.8.8
-
request_elevation
true
-
restart_delay
5000
-
run_delay
0
-
run_on_startup
true
-
set_critical_process
true
-
timeout_interval
5000
-
use_custom_dns_server
false
-
version
1.2.2.0
-
wan_timeout
8000
Targets
-
-
Target
812-63-0x0000000000400000-0x0000000000438000-memory.dmp
-
Size
224KB
-
MD5
a529a3ac6fa71f1eafd74b4f41d78165
-
SHA1
9dc158a3a889c434d2d48cc04d949034b282db38
-
SHA256
1a6d74781de19e2fded570e5c955a8a9cb2721a254605dd6ee9ff0eb5cc2f844
-
SHA512
d043abe4c3f18233c0d64b669a359fac1058aa3877a1d1757d9981d313084b75a83abb288d4b104c9e1471b73c426639b3d85a039e455f50981dec4520b72b8c
-
SSDEEP
6144:iLV6Bta6dtJmakIM50ch5V7lyc3E96/evBaLH8QA:iLV6BtpmkWv7l/y62ajBA
Score1/10 -