Behavioral task
behavioral1
Sample
33851c19216f0e65db0aecc27dc71ffc.exe
Resource
win7-20220812-en
5 signatures
150 seconds
General
-
Target
33851c19216f0e65db0aecc27dc71ffc.exe
-
Size
202KB
-
MD5
33851c19216f0e65db0aecc27dc71ffc
-
SHA1
0ad881c7d507bea247bfe454e29bc645f3d1b4ac
-
SHA256
d3c3718f2106aca6ed10bb92ec37e99bcadd8536f499af4de3849625a0a1c109
-
SHA512
beb70bc68603bc8722656297c7bab35fd15ba7a2d91520f22ea00b2d021ee171c38917d0ddd0bb50e752294c20bd2a257da7623c464252cde4f490c5b66af708
-
SSDEEP
6144:gLV6Bta6dtJmakIM5XQa2WCE085Qe6nGH:gLV6Btpmk22Wd085GnC
Score
10/10
Malware Config
Extracted
Family: nanocore
Version: 1.2.2.0
C2: eu-central-7075.packetriot.net:22378 (primary), 127.0.0.1:22378 (backup; a loopback address, so not usable as a network indicator)
Attributes:
activate_away_mode true
backup_connection_host 127.0.0.1
backup_dns_server 8.8.4.4
buffer_size 65535
build_time 2022-07-04T19:22:19.202077936Z
bypass_user_account_control true
bypass_user_account_control_data
clear_access_control true
clear_zone_identifier false
connect_delay 4000
connection_port 22378
default_group kurban
enable_debug_mode true
gc_threshold 1.048576e+07
keep_alive_timeout 30000
keyboard_logging false
lan_timeout 2500
max_packet_size 1.048576e+07
mutex 7fd0fb12-397b-455a-940b-bef9261bdda7
mutex_timeout 5000
prevent_system_sleep false
primary_connection_host eu-central-7075.packetriot.net
primary_dns_server 8.8.8.8
request_elevation true
restart_delay 5000
run_delay 0
run_on_startup true
set_critical_process true
timeout_interval 5000
use_custom_dns_server false
version 1.2.2.0
wan_timeout 8000
Signatures
-
Nanocore family
Files
-
33851c19216f0e65db0aecc27dc71ffc.exe (.exe, windows x86)