General
- Target: 742ce52cd8a692158fc20d0df48b688449c432f31a0d1854eda3f83d1324f76d
- Size: 1.1MB
- Sample: 221126-3nar7add32
- MD5: 75342cdd702056910a3fce3b434cf1b1
- SHA1: 02728d0ad5e5c1f34ee3bd77bb7af144f83438f9
- SHA256: 742ce52cd8a692158fc20d0df48b688449c432f31a0d1854eda3f83d1324f76d
- SHA512: dd6dc0a07f0ffbbf0793c3e97d86de80720e6dca0216441b3ab46014975e186b975887a8cde3530b7a43fcbc078788ebe8df5fd065c0ac5779b98febaf7409ec
- SSDEEP: 24576:Ktb20pkaCqT5TBWgNQ7aulZsRTXRDL6nY935ZSS6A:3Vg5tQ7aulZsRTXRD/55
Static task: static1
Behavioral task: behavioral1
- Sample: 742ce52cd8a692158fc20d0df48b688449c432f31a0d1854eda3f83d1324f76d.exe
- Resource: win7-20220812-en
Malware Config
Extracted: nanocore 1.2.2.0
moftsvs.ig42.org:9045
212.7.192.242:9045
c7bf44a3-7212-4d60-9ee3-f0991c8392f8
- activate_away_mode: false
- backup_connection_host: 212.7.192.242
- backup_dns_server: 8.8.4.4
- buffer_size: 65535
- build_time: 2015-03-06T14:55:41.478810836Z
- bypass_user_account_control: true
- bypass_user_account_control_data
- clear_access_control: false
- clear_zone_identifier: false
- connect_delay: 4000
- connection_port: 9045
- default_group: Default Team
- enable_debug_mode: true
- gc_threshold: 1.048576e+07
- keep_alive_timeout: 30000
- keyboard_logging: false
- lan_timeout: 2500
- max_packet_size: 1.048576e+07
- mutex: c7bf44a3-7212-4d60-9ee3-f0991c8392f8
- mutex_timeout: 5000
- prevent_system_sleep: false
- primary_connection_host: moftsvs.ig42.org
- primary_dns_server: 8.8.8.8
- request_elevation: false
- restart_delay: 5000
- run_delay: 0
- run_on_startup: false
- set_critical_process: true
- timeout_interval: 5000
- use_custom_dns_server: false
- version: 1.2.2.0
- wan_timeout: 8000
Targets
- Target: 742ce52cd8a692158fc20d0df48b688449c432f31a0d1854eda3f83d1324f76d
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
- Suspicious use of SetThreadContext