General
-
Target
81f652bd599db48b62bcf144f3a2fc214c30d9cbb5b4597edf2e9ee7246140f9
-
Size
1.5MB
-
Sample
221128-tpblfaga32
-
MD5
737ab047142cf58a32e10126f0a6a13c
-
SHA1
2470de58f93d87f8d1267e77cce98ff148890150
-
SHA256
81f652bd599db48b62bcf144f3a2fc214c30d9cbb5b4597edf2e9ee7246140f9
-
SHA512
f875bdba5019a3156a47c20066f2784392f9bb9075f646df0233971cff1ae4f12e96277b8ca1beaf10f09fb0609867f7b477ff22c8992eb5b02fc56c45d4de19
-
SSDEEP
24576:0EYQDoKjGW+uxBi1QfxzkXIY0YZTsEukYy:YQs1jeBiUzKT0aTsH
Static task
static1
Behavioral task
behavioral1
Sample
81f652bd599db48b62bcf144f3a2fc214c30d9cbb5b4597edf2e9ee7246140f9.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
81f652bd599db48b62bcf144f3a2fc214c30d9cbb5b4597edf2e9ee7246140f9.exe
Resource
win10v2004-20221111-en
Malware Config
Extracted
nanocore
-
activate_away_mode
false
- backup_connection_host
- backup_dns_server
-
buffer_size
0
-
build_time
0001-01-01T00:00:00Z
-
bypass_user_account_control
false
- bypass_user_account_control_data
-
clear_access_control
false
-
clear_zone_identifier
false
-
connect_delay
0
-
connection_port
0
- default_group
-
enable_debug_mode
false
-
gc_threshold
0
-
keep_alive_timeout
0
-
keyboard_logging
false
-
lan_timeout
0
-
max_packet_size
0
- mutex
-
mutex_timeout
0
-
prevent_system_sleep
false
- primary_connection_host
- primary_dns_server
-
request_elevation
false
-
restart_delay
0
-
run_delay
0
-
run_on_startup
false
-
set_critical_process
false
-
timeout_interval
0
-
use_custom_dns_server
false
- version
-
wan_timeout
0
Targets
-
-
Target
81f652bd599db48b62bcf144f3a2fc214c30d9cbb5b4597edf2e9ee7246140f9
-
Size
1.5MB
-
MD5
737ab047142cf58a32e10126f0a6a13c
-
SHA1
2470de58f93d87f8d1267e77cce98ff148890150
-
SHA256
81f652bd599db48b62bcf144f3a2fc214c30d9cbb5b4597edf2e9ee7246140f9
-
SHA512
f875bdba5019a3156a47c20066f2784392f9bb9075f646df0233971cff1ae4f12e96277b8ca1beaf10f09fb0609867f7b477ff22c8992eb5b02fc56c45d4de19
-
SSDEEP
24576:0EYQDoKjGW+uxBi1QfxzkXIY0YZTsEukYy:YQs1jeBiUzKT0aTsH
-
Modifies WinLogon for persistence
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops desktop.ini file(s)
-
Suspicious use of SetThreadContext
-