General
-
Target
4676-137-0x0000000000420000-0x0000000000458000-memory.dmp
-
Size
224KB
-
Sample
221207-clep9aeh69
-
MD5
4b4270524e3c12ffe4d30d7b80d1502b
-
SHA1
d737471f0efff21a7cd1bf8a9da32761486ce7d7
-
SHA256
1d0a0a0ad2f02f1a7f175439ee3c79f846272578edf2b8bffb6311e9b82c9cab
-
SHA512
055db67aec769d80cb5fae2b922775fd03041cbb142c0757439fb82131e9f744363e44755718a17b2c13fa1a7a5e06a4af8cd124ad523d9c4081305db26d96fe
-
SSDEEP
3072:KzEqV6B1jHa6dtJ10jgvzcgi+oG/j9iaMP2s/HIsSVWLjxKXC0CSlMBjJtS9v3:KLV6Bta6dtJmakIM54WvUo4MBNti
Behavioral task
behavioral1
Sample
4676-137-0x0000000000420000-0x0000000000458000-memory.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
4676-137-0x0000000000420000-0x0000000000458000-memory.exe
Resource
win10v2004-20220901-en
Malware Config
Extracted
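Family: nanocore
Version: 1.2.2.0
C2 (primary): kf123.ddns.net:1604
C2 (backup): 127.0.0.1:1604 (loopback address, not a usable network indicator)
Mutex: 9edcaf8d-019c-414d-bcec-d1174381feda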
-
activate_away_mode
true
-
backup_connection_host
127.0.0.1
-
backup_dns_server
8.8.4.4
-
buffer_size
65535
-
build_time
2018-03-29T23:00:40.397394036Z
-
bypass_user_account_control
true
-
bypass_user_account_control_data
(no value shown)
-
clear_access_control
true
-
clear_zone_identifier
false
-
connect_delay
4000
-
connection_port
1604
-
default_group
Default
-
enable_debug_mode
true
-
gc_threshold
1.048576e+07
-
keep_alive_timeout
30000
-
keyboard_logging
false
-
lan_timeout
2500
-
max_packet_size
1.048576e+07
-
mutex
9edcaf8d-019c-414d-bcec-d1174381feda
-
mutex_timeout
5000
-
prevent_system_sleep
false
-
primary_connection_host
kf123.ddns.net
-
primary_dns_server
8.8.8.8
-
request_elevation
true
-
restart_delay
5000
-
run_delay
0
-
run_on_startup
true
-
set_critical_process
true
-
timeout_interval
5000
-
use_custom_dns_server
false
-
version
1.2.2.0
-
wan_timeout
8000
Targets
-
-
Target
4676-137-0x0000000000420000-0x0000000000458000-memory.dmp
-
Size
224KB
-
MD5
4b4270524e3c12ffe4d30d7b80d1502b
-
SHA1
d737471f0efff21a7cd1bf8a9da32761486ce7d7
-
SHA256
1d0a0a0ad2f02f1a7f175439ee3c79f846272578edf2b8bffb6311e9b82c9cab
-
SHA512
055db67aec769d80cb5fae2b922775fd03041cbb142c0757439fb82131e9f744363e44755718a17b2c13fa1a7a5e06a4af8cd124ad523d9c4081305db26d96fe
-
SSDEEP
3072:KzEqV6B1jHa6dtJ10jgvzcgi+oG/j9iaMP2s/HIsSVWLjxKXC0CSlMBjJtS9v3:KLV6Bta6dtJmakIM54WvUo4MBNti
Score
1/10