General
-
Target
1d08872d28eb61f9dd73b4d1c76e9d20.exe
-
Size
202KB
-
Sample
230404-ccptvseb4y
-
MD5
1d08872d28eb61f9dd73b4d1c76e9d20
-
SHA1
91cc9559a7d3200c200bfe5683aab95d91193b65
-
SHA256
fd65751dfd574b5a1b8a4a73dae9a339227b2123c5f46c7f0df3bbd27fc073e1
-
SHA512
be45a93fbcbfa4ff7142c612c424992a59926ed15ebc23b2748a9c3ca86fc60806c014438f1798acfb7cbc829c68f85397d361814a2b3f4d2b8185782da0b3b0
-
SSDEEP
3072:gzEqV6B1jHa6dtJ10jgvzcgi+oG/j9iaMP2s/HIXbsb4F5e9nOjbdIlmvujtJrAH:gLV6Bta6dtJmakIM5sSOvh2RCh2o
Behavioral task
behavioral1
Sample
1d08872d28eb61f9dd73b4d1c76e9d20.exe
Resource
win7-20230220-en
Malware Config
Extracted
Family: nanocore
Version: 1.2.2.0
C2 (primary_connection_host:connection_port): 0.tcp.ngrok.io:17742
C2 (backup_connection_host:connection_port): 127.0.0.1:17742
Mutex: 4f113cf4-d2d7-4e32-a9b5-c84d90c7c45b
-
activate_away_mode
true
-
backup_connection_host
127.0.0.1
-
backup_dns_server
8.8.4.4
-
buffer_size
65535
-
build_time
2023-01-11T15:36:17.417269636Z
-
bypass_user_account_control
true
-
bypass_user_account_control_data
(no value shown in this report)
-
clear_access_control
true
-
clear_zone_identifier
false
-
connect_delay
4000
-
connection_port
17742
-
default_group
Default
-
enable_debug_mode
true
-
gc_threshold
10485760 (10 MiB; rendered as 1.048576e+07)
-
keep_alive_timeout
30000
-
keyboard_logging
false
-
lan_timeout
2500
-
max_packet_size
10485760 (10 MiB; rendered as 1.048576e+07)
-
mutex
4f113cf4-d2d7-4e32-a9b5-c84d90c7c45b
-
mutex_timeout
5000
-
prevent_system_sleep
false
-
primary_connection_host
0.tcp.ngrok.io
-
primary_dns_server
8.8.8.8
-
request_elevation
true
-
restart_delay
5000
-
run_delay
0
-
run_on_startup
true
-
set_critical_process
true
-
timeout_interval
5000
-
use_custom_dns_server
false
-
version
1.2.2.0
-
wan_timeout
8000
Targets
-
-
Target
1d08872d28eb61f9dd73b4d1c76e9d20.exe
-
Size
202KB
-
MD5
1d08872d28eb61f9dd73b4d1c76e9d20
-
SHA1
91cc9559a7d3200c200bfe5683aab95d91193b65
-
SHA256
fd65751dfd574b5a1b8a4a73dae9a339227b2123c5f46c7f0df3bbd27fc073e1
-
SHA512
be45a93fbcbfa4ff7142c612c424992a59926ed15ebc23b2748a9c3ca86fc60806c014438f1798acfb7cbc829c68f85397d361814a2b3f4d2b8185782da0b3b0
-
SSDEEP
3072:gzEqV6B1jHa6dtJ10jgvzcgi+oG/j9iaMP2s/HIXbsb4F5e9nOjbdIlmvujtJrAH:gLV6Bta6dtJmakIM5sSOvh2RCh2o
-
Legitimate hosting services abused for malware hosting/C2 (the extracted config's primary_connection_host is the ngrok tunnel endpoint 0.tcp.ngrok.io on port 17742; the 127.0.0.1 backup host is a loopback placeholder)
-