General
-
Target
8124306752.zip
-
Size
344KB
-
Sample
221012-s9qqesaahl
-
MD5
55209c6bcd78bddfb927c2cb5f26c0d7
-
SHA1
1d281081afd3e5c026790aabcaeee0b6be1090de
-
SHA256
6ed1dec3ae5496b6235fec6b539841c487f07c30e8f43bf0b16e1b72d4881957
-
SHA512
e6b5e63b6a957704bab9b20402385a0bbd80d6c6b02071b13741084cee727ff893b4900aaf344ec52acccddaa1e3527e4a1d775e65bb77a98a64a63f7a207112
-
SSDEEP
6144:rp8MVMvvlPRr9UiR0brZ4dbKEpUr3p0Rq8xQiOu435sznaDsIUFzfgC:FrVMvv7bybrZ4uEpWpIqBiOVAnelUFzP
Static task
static1
Behavioral task
behavioral1
Sample
26a26eb8f02e73198e75453ca06445d45da4a11914011d545c7da0964323043b.exe
Resource
win7-20220812-en
Malware Config
Extracted
nanocore
1.2.2.0
194.5.98.148:5050
dcf8e560-2496-44cb-9ddb-90ff3f0546bf
-
activate_away_mode
true
- backup_connection_host
-
backup_dns_server
8.8.4.4
-
buffer_size
65535
-
build_time
2022-07-23T00:32:21.206554236Z
-
bypass_user_account_control
true
- bypass_user_account_control_data
-
clear_access_control
true
-
clear_zone_identifier
false
-
connect_delay
4000
-
connection_port
5050
-
default_group
wedding
-
enable_debug_mode
true
-
gc_threshold
1.048576e+07
-
keep_alive_timeout
30000
-
keyboard_logging
false
-
lan_timeout
2500
-
max_packet_size
1.048576e+07
-
mutex
dcf8e560-2496-44cb-9ddb-90ff3f0546bf
-
mutex_timeout
5000
-
prevent_system_sleep
false
-
primary_connection_host
194.5.98.148
-
primary_dns_server
8.8.8.8
-
request_elevation
true
-
restart_delay
5000
-
run_delay
0
-
run_on_startup
true
-
set_critical_process
true
-
timeout_interval
5000
-
use_custom_dns_server
false
-
version
1.2.2.0
-
wan_timeout
8000
Targets
-
-
Target
26a26eb8f02e73198e75453ca06445d45da4a11914011d545c7da0964323043b
-
Size
357KB
-
MD5
84c86b461afe2a2a02392beee58313e1
-
SHA1
f362a9be8a825e0940c18fe9139c2517f6728575
-
SHA256
26a26eb8f02e73198e75453ca06445d45da4a11914011d545c7da0964323043b
-
SHA512
f0486af628753ca2a5fe8cad4f8139a11604361764db9840c9171b266d22aff0a942a9c92d0a252e5dc81c7e1388d0fa17e0212b9e29f4a82e893d4a6490de33
-
SSDEEP
6144:HNeZmC8pMv7OibcWkF+MeXbYpBpMqEVv138KeHMk7mP/9so2UL0dNCjJfGLR0:HNljJERMyEpNEVvcgwdNCjtGS
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-