General
-
Target
50625b3d7a036373b2899796137b0ce7c77355a1f23625de7d5d3ef1db57922f
-
Size
371KB
-
Sample
221126-2vse5seg21
-
MD5
43f114afa21ad1fe53f9ac97c6644f75
-
SHA1
58c392562f5a7365d137f81eaedc32df0ef0b9b0
-
SHA256
50625b3d7a036373b2899796137b0ce7c77355a1f23625de7d5d3ef1db57922f
-
SHA512
cd7226e9d6a4daa3a8e5bcd2c2ee2cf923bd93655e8f647b8be0e8f23901ca45c108d85fe885dbd49e4a5afcb87572f03370780e1579bc2be7157a5f0b6d1103
-
SSDEEP
6144:JRNWwLVJr58/VPYcAQKBCSa2b0PDsUFA6NN7Kia02yqb:JR0e58tdQCSRbqsU+Y5
Static task
static1
Behavioral task
behavioral1
Sample
50625b3d7a036373b2899796137b0ce7c77355a1f23625de7d5d3ef1db57922f.exe
Resource
win7-20220812-en
Malware Config
Extracted
nanocore
1.2.1.1
tooblaq1.ddns.net:2233
tooblaq2.ddns.net:2233
722a6540-3583-410e-8546-79fbfc239905
-
activate_away_mode
false
-
backup_connection_host
tooblaq2.ddns.net
- backup_dns_server
-
buffer_size
65535
-
build_time
2014-09-30T12:55:59.665724036Z
-
bypass_user_account_control
true
- bypass_user_account_control_data
-
clear_access_control
true
-
clear_zone_identifier
false
-
connect_delay
4000
-
connection_port
2233
-
default_group
Default
-
enable_debug_mode
true
-
gc_threshold
1.048576e+07
-
keep_alive_timeout
30000
-
keyboard_logging
false
-
lan_timeout
2500
-
max_packet_size
1.048576e+07
-
mutex
722a6540-3583-410e-8546-79fbfc239905
-
mutex_timeout
5000
-
prevent_system_sleep
false
-
primary_connection_host
tooblaq1.ddns.net
- primary_dns_server
-
request_elevation
true
-
restart_delay
5000
-
run_delay
0
-
run_on_startup
true
-
set_critical_process
true
-
timeout_interval
5000
-
use_custom_dns_server
false
-
version
1.2.1.1
-
wan_timeout
8000
Targets
-
-
Target
50625b3d7a036373b2899796137b0ce7c77355a1f23625de7d5d3ef1db57922f
-
Size
371KB
-
MD5
43f114afa21ad1fe53f9ac97c6644f75
-
SHA1
58c392562f5a7365d137f81eaedc32df0ef0b9b0
-
SHA256
50625b3d7a036373b2899796137b0ce7c77355a1f23625de7d5d3ef1db57922f
-
SHA512
cd7226e9d6a4daa3a8e5bcd2c2ee2cf923bd93655e8f647b8be0e8f23901ca45c108d85fe885dbd49e4a5afcb87572f03370780e1579bc2be7157a5f0b6d1103
-
SSDEEP
6144:JRNWwLVJr58/VPYcAQKBCSa2b0PDsUFA6NN7Kia02yqb:JR0e58tdQCSRbqsU+Y5
-
Modifies WinLogon for persistence
-
Suspicious use of SetThreadContext
-