General
Target: noxone.exe
Size: 1.8MB
Sample: 221210-kv19lsfc45
MD5: 5a814594a50569a7d0a108f15a4372e0
SHA1: c14870a0e3b6f876dddcba34f5df00d7fe5438a9
SHA256: f0c40cd7b07913d9ed925ebc130d4263850aeb2e16c32c47214d2b5989bbf4f5
SHA512: 5166099f1fe5bf31130b8d364dc0407bf7762341056b4639ab8430dc15356c8866b96b84d6ab6a66d380374b4607c4301acb39e8eb08c5063cb9f00994eebdfd
SSDEEP: 49152:ocyNPK4Y1UJLBfIjNC3OIFjtSuiQpVKBuW:Mi/1UDfv317KBuW
Static task: static1
Behavioral task: behavioral1
Sample: noxone.exe
Resource: win7-20221111-en
Malware Config
Extracted
systembc
45.81.225.72:4001
192.168.1.149:4001
Targets
Target: noxone.exe
Executes dropped EXE
Checks computer location settings: looks up country code configured in the registry, likely geofence.
Suspicious use of SetThreadContext