Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

0d3ec9b2b9...5e.exe

windows7-x64

10

0d3ec9b2b9...5e.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    0d3ec9b2b95b32cc6c1746330ad5ec5e

  • Size

    355KB

  • Sample

    230210-kd4neacg61

  • MD5

    0d3ec9b2b95b32cc6c1746330ad5ec5e

  • SHA1

    f22822dd82e49f633eb136fd5ee717b6d75adf0a

  • SHA256

    b8d747db69fac284ccfeab921f8e06b6403763914b776ff518e6d3643ed9056d

  • SHA512

    e58c64de7d97cab2d23b2b8a41edaeffadf9f6edbc383ccc729cb82efa4ad1f2c340866920a6162a62f6bd348098196ef13e4627d157461ca613f24ecad1774e

  • SSDEEP

    6144:tYa6aWhvrWv60yRwUVUpR7wmPsLx/v7v+YPDQ7i+e30uJW2nunCgWCfani:tY4WRWzyRwnRkmIb2kQ7iL0uJFmfX

Score
10/10
nanocoreevasionkeyloggerpersistencespywarestealertrojan

Malware Config

Extracted

Family

nanocore

Version

1.2.2.0

C2

bouricrat.duckdns.org:6445

Mutex

351a9355-099d-4d8e-aef5-126657425e1b

Attributes
  • activate_away_mode

    true

  • backup_connection_host

    bouricrat.duckdns.org

  • backup_dns_server

    8.8.4.4

  • buffer_size

    65535

  • build_time

    2022-11-20T03:15:20.565935636Z

  • bypass_user_account_control

    true

  • bypass_user_account_control_data

  • clear_access_control

    true

  • clear_zone_identifier

    false

  • connect_delay

    4000

  • connection_port

    6445

  • default_group

    Vitalz

  • enable_debug_mode

    true

  • gc_threshold

    1.048576e+07

  • keep_alive_timeout

    30000

  • keyboard_logging

    false

  • lan_timeout

    2500

  • max_packet_size

    1.048576e+07

  • mutex

    351a9355-099d-4d8e-aef5-126657425e1b

  • mutex_timeout

    5000

  • prevent_system_sleep

    false

  • primary_connection_host

    bouricrat.duckdns.org

  • primary_dns_server

    8.8.8.8

  • request_elevation

    true

  • restart_delay

    5000

  • run_delay

    0

  • run_on_startup

    true

  • set_critical_process

    true

  • timeout_interval

    5000

  • use_custom_dns_server

    false

  • version

    1.2.2.0

  • wan_timeout

    8000

Targets

    • Target

      0d3ec9b2b95b32cc6c1746330ad5ec5e

    • Size

      355KB

    • MD5

      0d3ec9b2b95b32cc6c1746330ad5ec5e

    • SHA1

      f22822dd82e49f633eb136fd5ee717b6d75adf0a

    • SHA256

      b8d747db69fac284ccfeab921f8e06b6403763914b776ff518e6d3643ed9056d

    • SHA512

      e58c64de7d97cab2d23b2b8a41edaeffadf9f6edbc383ccc729cb82efa4ad1f2c340866920a6162a62f6bd348098196ef13e4627d157461ca613f24ecad1774e

    • SSDEEP

      6144:tYa6aWhvrWv60yRwUVUpR7wmPsLx/v7v+YPDQ7i+e30uJW2nunCgWCfani:tY4WRWzyRwnRkmIb2kQ7iL0uJFmfX

    Score
    10/10
    nanocoreevasionkeyloggerpersistencespywarestealertrojan
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks