General
-
Target
0d3ec9b2b95b32cc6c1746330ad5ec5e
-
Size
355KB
-
Sample
230210-kd4neacg61
-
MD5
0d3ec9b2b95b32cc6c1746330ad5ec5e
-
SHA1
f22822dd82e49f633eb136fd5ee717b6d75adf0a
-
SHA256
b8d747db69fac284ccfeab921f8e06b6403763914b776ff518e6d3643ed9056d
-
SHA512
e58c64de7d97cab2d23b2b8a41edaeffadf9f6edbc383ccc729cb82efa4ad1f2c340866920a6162a62f6bd348098196ef13e4627d157461ca613f24ecad1774e
-
SSDEEP
6144:tYa6aWhvrWv60yRwUVUpR7wmPsLx/v7v+YPDQ7i+e30uJW2nunCgWCfani:tY4WRWzyRwnRkmIb2kQ7iL0uJFmfX
Static task
static1
Behavioral task
behavioral1
Sample
0d3ec9b2b95b32cc6c1746330ad5ec5e.exe
Resource
win7-20221111-en
Malware Config
Extracted
nanocore
1.2.2.0
bouricrat.duckdns.org:6445
351a9355-099d-4d8e-aef5-126657425e1b
-
activate_away_mode
true
-
backup_connection_host
bouricrat.duckdns.org
-
backup_dns_server
8.8.4.4
-
buffer_size
65535
-
build_time
2022-11-20T03:15:20.565935636Z
-
bypass_user_account_control
true
-
bypass_user_account_control_data
-
clear_access_control
true
-
clear_zone_identifier
false
-
connect_delay
4000
-
connection_port
6445
-
default_group
Vitalz
-
enable_debug_mode
true
-
gc_threshold
1.048576e+07
-
keep_alive_timeout
30000
-
keyboard_logging
false
-
lan_timeout
2500
-
max_packet_size
1.048576e+07
-
mutex
351a9355-099d-4d8e-aef5-126657425e1b
-
mutex_timeout
5000
-
prevent_system_sleep
false
-
primary_connection_host
bouricrat.duckdns.org
-
primary_dns_server
8.8.8.8
-
request_elevation
true
-
restart_delay
5000
-
run_delay
0
-
run_on_startup
true
-
set_critical_process
true
-
timeout_interval
5000
-
use_custom_dns_server
false
-
version
1.2.2.0
-
wan_timeout
8000
Targets
-
-
Target
0d3ec9b2b95b32cc6c1746330ad5ec5e
-
Size
355KB
-
MD5
0d3ec9b2b95b32cc6c1746330ad5ec5e
-
SHA1
f22822dd82e49f633eb136fd5ee717b6d75adf0a
-
SHA256
b8d747db69fac284ccfeab921f8e06b6403763914b776ff518e6d3643ed9056d
-
SHA512
e58c64de7d97cab2d23b2b8a41edaeffadf9f6edbc383ccc729cb82efa4ad1f2c340866920a6162a62f6bd348098196ef13e4627d157461ca613f24ecad1774e
-
SSDEEP
6144:tYa6aWhvrWv60yRwUVUpR7wmPsLx/v7v+YPDQ7i+e30uJW2nunCgWCfani:tY4WRWzyRwnRkmIb2kQ7iL0uJFmfX
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-