General
-
Target
tmp
-
Size
202KB
-
Sample
220917-rr5wysdhdm
-
MD5
abd64bc9fce93add1a728ca1cc4f325a
-
SHA1
c658d9b43c4face817e2c2d8a0676d6c38eb619d
-
SHA256
aaf44e11893e0fcdcdf94e509ced0a818b794ce908023825107d2c7fd5b6909a
-
SHA512
f2cce3c325c68d4dcb781845758c188285cba7a623cff2c53e628a264a9d3c37c4b0d747ed0806cb56f2bb874164120b8070e2f2474a95d7eb0eb372216d6383
-
SSDEEP
6144:wLV6Bta6dtJmakIM5lFmHi8ieZv00yRQ+E2c+:wLV6BtpmkuFmC83KWH2c+
Behavioral task
behavioral1
Sample
tmp.exe
Resource
win7-20220812-en
Malware Config
Extracted
nanocore
1.2.2.0
hamzzagolozar.loseyourip.com:14981
f6deab06-2a44-4808-b3e6-500e096fcc84
-
activate_away_mode
true
- backup_connection_host
-
backup_dns_server
8.8.4.4
-
buffer_size
65535
-
build_time
2022-05-18T10:26:44.441280136Z
-
bypass_user_account_control
true
- bypass_user_account_control_data
-
clear_access_control
true
-
clear_zone_identifier
false
-
connect_delay
4000
-
connection_port
14981
-
default_group
K59
-
enable_debug_mode
true
-
gc_threshold
1.048576e+07
-
keep_alive_timeout
30000
-
keyboard_logging
false
-
lan_timeout
2500
-
max_packet_size
1.048576e+07
-
mutex
f6deab06-2a44-4808-b3e6-500e096fcc84
-
mutex_timeout
5000
-
prevent_system_sleep
false
-
primary_connection_host
hamzzagolozar.loseyourip.com
-
primary_dns_server
8.8.8.8
-
request_elevation
true
-
restart_delay
5000
-
run_delay
0
-
run_on_startup
true
-
set_critical_process
true
-
timeout_interval
5000
-
use_custom_dns_server
false
-
version
1.2.2.0
-
wan_timeout
8000
Targets
-
-
Target
tmp
-
Size
202KB
-
MD5
abd64bc9fce93add1a728ca1cc4f325a
-
SHA1
c658d9b43c4face817e2c2d8a0676d6c38eb619d
-
SHA256
aaf44e11893e0fcdcdf94e509ced0a818b794ce908023825107d2c7fd5b6909a
-
SHA512
f2cce3c325c68d4dcb781845758c188285cba7a623cff2c53e628a264a9d3c37c4b0d747ed0806cb56f2bb874164120b8070e2f2474a95d7eb0eb372216d6383
-
SSDEEP
6144:wLV6Bta6dtJmakIM5lFmHi8ieZv00yRQ+E2c+:wLV6BtpmkuFmC83KWH2c+
-