General
-
Target
9bc2bba318aecc1ef57689961d368e43b83fb59b39095d08525a3471727fc7c3
-
Size
454KB
-
Sample
221119-kl9vdsce64
-
MD5 (legacy lookup only — MD5 is collision-prone; treat SHA256 below as the canonical identifier)
1b640c9d8fc4fda1f4b3212115289330
-
SHA1 (legacy lookup only)
b0fcc65c890a6396f84f6df6d93e39698b8b7d33
-
SHA256
9bc2bba318aecc1ef57689961d368e43b83fb59b39095d08525a3471727fc7c3
-
SHA512
6f5a919ade266eedf58db633ba726cf981b1f6840049f12da94780143f53b495d81f88a2de72592079bd98766f5eac4ea8e6e94a5381f3c73d5260a444cba528
-
SSDEEP
6144:QX59ZTk+piRo6b4Ygg3vpncqNn5Llhci5PHn5zT:QX50RoC/pcqNf6s
Static task
static1
Behavioral task
behavioral1
Sample
9bc2bba318aecc1ef57689961d368e43b83fb59b39095d08525a3471727fc7c3.exe
Resource
win7-20221111-en (Windows 7 sandbox image; the behavioural signatures below come from this single run and may not reflect behaviour on newer Windows versions or outside a sandbox)
Malware Config
Extracted
nanocore — note: every field below is at its type default (empty hosts, port 0, all flags false, build_time 0001-01-01T00:00:00Z). The extractor recognised NanoCore's configuration structure but recovered no populated values, so treat this block as supporting the family label only; do not derive C2 hosts, ports or mutex IOCs from it.
-
activate_away_mode
false
- backup_connection_host
- backup_dns_server
-
buffer_size
0
-
build_time
0001-01-01T00:00:00Z (the .NET DateTime default, i.e. never set — not a real build date)
-
bypass_user_account_control
false
- bypass_user_account_control_data
-
clear_access_control
false
-
clear_zone_identifier
false
-
connect_delay
0
-
connection_port
0 (no C2 port recovered)
- default_group
-
enable_debug_mode
false
-
gc_threshold
0
-
keep_alive_timeout
0
-
keyboard_logging
false
-
lan_timeout
0
-
max_packet_size
0
- mutex
-
mutex_timeout
0
-
prevent_system_sleep
false
- primary_connection_host (empty — no C2 host recovered from this sample)
- primary_dns_server (empty)
-
request_elevation
false
-
restart_delay
0
-
run_delay
0
-
run_on_startup
false
-
set_critical_process
false
-
timeout_interval
0
-
use_custom_dns_server
false
- version
-
wan_timeout
0
Targets
-
-
Target
9bc2bba318aecc1ef57689961d368e43b83fb59b39095d08525a3471727fc7c3
-
Size
454KB
-
MD5
1b640c9d8fc4fda1f4b3212115289330
-
SHA1
b0fcc65c890a6396f84f6df6d93e39698b8b7d33
-
SHA256
9bc2bba318aecc1ef57689961d368e43b83fb59b39095d08525a3471727fc7c3
-
SHA512
6f5a919ade266eedf58db633ba726cf981b1f6840049f12da94780143f53b495d81f88a2de72592079bd98766f5eac4ea8e6e94a5381f3c73d5260a444cba528
-
SSDEEP
6144:QX59ZTk+piRo6b4Ygg3vpncqNn5Llhci5PHn5zT:QX50RoC/pcqNf6s
-
Modifies WinLogon for persistence — a registry-based autostart; the full report's registry events should show which Winlogon value was written and the path it points to, which is the artifact to hunt for on other hosts
-
Executes dropped EXE
-
Loads dropped DLL — the dropped files are not listed on this page; take their hashes from the full report's dropped-files section, if present, and block/hunt them alongside the parent SHA256
-
Adds Run key to start application — a second persistence mechanism in addition to the Winlogon change above
-
Suspicious use of SetThreadContext — commonly associated with process injection (e.g. process hollowing), which is consistent with the NanoCore label, though this page does not show the target process
-