General
-
Target
New Purchase order - No_1222.IMG
-
Size
558KB
-
Sample
221202-nlm76sgc8x
-
MD5
a59472e4ba7cf658200323f6a94de7d0
-
SHA1
7a24e6b3c6cc3032801a87b454eeb3b1e348f0af
-
SHA256
64830915f179b289825b0b979a1af6a0210a0881e7b73e69e2632b0e70d6a0e0
-
SHA512
7eecfdb0b5f66fae4572cb6910122f5c018ae0c371af4a555a54e3405e83ffcc6ae5d919152cfcf44ebcc28fe1197a06d2f44b5e45b6430a6fcd503738f0d5a9
-
SSDEEP
12288:rT+YvwpmBwyiCUuwVoluyaeHwPiuy7j+8KMS9GhRMkwLV8kXgUE:uYXNzBIya2wPCpKToUkwL+kXgU
Static task
static1
Behavioral task
behavioral1
Sample
New Purchase order - No_1222.iso
Resource
win10-20220812-en
Behavioral task
behavioral2
Sample
New Purchase order-No_1222.pdf.lzh
Resource
win10-20220812-en
Malware Config
Extracted
nanocore
1.2.2.0
194.5.98.28:3040
127.0.0.1:3040
9446c0f3-8260-4d7b-8a0b-a07e133eb590
-
activate_away_mode
false
-
backup_connection_host
127.0.0.1
-
backup_dns_server
8.8.4.4
-
buffer_size
65535
-
build_time
2022-04-09T04:48:28.523483936Z
-
bypass_user_account_control
false
-
bypass_user_account_control_data
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
-
clear_access_control
true
-
clear_zone_identifier
false
-
connect_delay
4000
-
connection_port
3040
-
default_group
Default
-
enable_debug_mode
true
-
gc_threshold
1.048576e+07
-
keep_alive_timeout
30000
-
keyboard_logging
false
-
lan_timeout
2500
-
max_packet_size
1.048576e+07
-
mutex
9446c0f3-8260-4d7b-8a0b-a07e133eb590
-
mutex_timeout
5000
-
prevent_system_sleep
false
-
primary_connection_host
194.5.98.28
-
primary_dns_server
8.8.8.8
-
request_elevation
true
-
restart_delay
5000
-
run_delay
0
-
run_on_startup
false
-
set_critical_process
true
-
timeout_interval
5000
-
use_custom_dns_server
false
-
version
1.2.2.0
-
wan_timeout
8000
Targets
-
-
Target
New Purchase order - No_1222.IMG
-
Size
558KB
-
MD5
a59472e4ba7cf658200323f6a94de7d0
-
SHA1
7a24e6b3c6cc3032801a87b454eeb3b1e348f0af
-
SHA256
64830915f179b289825b0b979a1af6a0210a0881e7b73e69e2632b0e70d6a0e0
-
SHA512
7eecfdb0b5f66fae4572cb6910122f5c018ae0c371af4a555a54e3405e83ffcc6ae5d919152cfcf44ebcc28fe1197a06d2f44b5e45b6430a6fcd503738f0d5a9
-
SSDEEP
12288:rT+YvwpmBwyiCUuwVoluyaeHwPiuy7j+8KMS9GhRMkwLV8kXgUE:uYXNzBIya2wPCpKToUkwL+kXgU
Score 3/10
-
-
Target
New Purchase order-No_1222.pdf.lzh
-
Size
505KB
-
MD5
9faad0b629c234d16e074c77748e7c86
-
SHA1
96d5863d2528ff1f49ef47232fde53d5a5bb90d5
-
SHA256
7c0c94e6fd788ae530111f2daa0f8f10c29ec52b121ccbaa2f7336027faca8f5
-
SHA512
e3565b1f807e10458f907910bdf915f12208e472761665b85856a3863f40a44fe433a77667956af12117c7215d235559905694523e4b847c5012401cde648ba3
-
SSDEEP
12288:IT+YvwpmBwyiCUuwVoluyaeHwPiuy7j+8KMS9GhRMkwLV8kXgUEW:rYXNzBIya2wPCpKToUkwL+kXgUJ
Score 3/10
-
-
Target
New Purchase order-No_1222.pdf.scr
-
Size
576KB
-
MD5
27d1fc35dcd67f9b3ec0621a4cba8e8b
-
SHA1
5f7999a6e62aa16ce1b474cb5dc17bba5f5ab0ec
-
SHA256
aabec5849b5c96187ba659f00eab740f102620d94adde65c332fba3300abbfba
-
SHA512
a04287ec3aa4136b93c584e9ae97a5658d4bf9ebd82202fcc70dc20cc8c14f3de9db689e83ed26e520b65e38e79b8304c091de357b1e01ff9abfa2fdbecf773c
-
SSDEEP
12288:vaK6y940IvDPaCoRpL0mCuQ9pmQ8jhdRbabZVjKs9jq:yK65nrloXgzakh9j
-
Adds a Run key to start the application
-
Suspicious use of SetThreadContext
-