General
-
Target
cb1a8d8d5d3875fcb6205bd40923cfdd208c46873ff44fff3f153456d7d73400
-
Size
116KB
-
Sample
221126-klbycsfb23
-
MD5
62039720e90c262170649fa860e64d07
-
SHA1
e79c07acef610473b7cf0cdfc92be59cfcf5c08a
-
SHA256
cb1a8d8d5d3875fcb6205bd40923cfdd208c46873ff44fff3f153456d7d73400
-
SHA512
c2a4f7ae030526bc5968e6290c92e2c2871a8aa413707429bb02fa53884e595d9923f954726628a1c2be0e87a46095fef50f5fd3463fdf0a362a4cd0d999d015
-
SSDEEP
3072:r79UcDlEH1UYakFeNlnDbExekmezqRbXYy:r77Q1UueSektq
Static task
static1
Behavioral task
behavioral1
Sample
cb1a8d8d5d3875fcb6205bd40923cfdd208c46873ff44fff3f153456d7d73400.exe
Resource
win7-20220901-en
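Malware Config
Extracted
nanocore
Note: every field in the extracted configuration below is empty or at its zero/default value (no primary or backup connection host, connection_port 0, build_time 0001-01-01T00:00:00Z, no mutex or version). The extraction therefore yields no usable C2 indicators, and the family label is the only information it provides. The all-false settings (e.g. run_on_startup) should not be read as observed behavior: the behavioral signatures at the end of this report include a Run key being added.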
-
activate_away_mode
false
- backup_connection_host
- backup_dns_server
-
buffer_size
0
-
build_time
0001-01-01T00:00:00Z
-
bypass_user_account_control
false
- bypass_user_account_control_data
-
clear_access_control
false
-
clear_zone_identifier
false
-
connect_delay
0
-
connection_port
0
- default_group
-
enable_debug_mode
false
-
gc_threshold
0
-
keep_alive_timeout
0
-
keyboard_logging
false
-
lan_timeout
0
-
max_packet_size
0
- mutex
-
mutex_timeout
0
-
prevent_system_sleep
false
- primary_connection_host
- primary_dns_server
-
request_elevation
false
-
restart_delay
0
-
run_delay
0
-
run_on_startup
false
-
set_critical_process
false
-
timeout_interval
0
-
use_custom_dns_server
false
- version
-
wan_timeout
0
Targets
-
-
Target
cb1a8d8d5d3875fcb6205bd40923cfdd208c46873ff44fff3f153456d7d73400
-
Size
116KB
-
MD5
62039720e90c262170649fa860e64d07
-
SHA1
e79c07acef610473b7cf0cdfc92be59cfcf5c08a
-
SHA256
cb1a8d8d5d3875fcb6205bd40923cfdd208c46873ff44fff3f153456d7d73400
-
SHA512
c2a4f7ae030526bc5968e6290c92e2c2871a8aa413707429bb02fa53884e595d9923f954726628a1c2be0e87a46095fef50f5fd3463fdf0a362a4cd0d999d015
-
SSDEEP
3072:r79UcDlEH1UYakFeNlnDbExekmezqRbXYy:r77Q1UueSektq
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext (an API commonly associated with process injection, e.g. process hollowing)
-