General
-
Target
NA_6427336ade955128d895921db_JC.exe
-
Size
280KB
-
Sample
230725-r2cyxsdb28
-
MD5
07d9eeffaac90b7fcd1bf8b3930a2044
-
SHA1
445b329dc821c72cdbd167576cb4e5654b49f1ae
-
SHA256
6427336ade955128d895921dbb9bbcc379ad910690ff63f6deff3794a2086c8c
-
SHA512
c318090ef0c4bd573b68b8539b87be677114e25bbdaaec5b360ac5365fc76107ee17e3533231ef80fab71f1455d690c80b950c38e0aeee480d5b0869bdbf73fc
-
SSDEEP
6144:4mRcsQAKqVYM8AFtE3GK9U5lB88PFdvOGa7XDdK:lRcnYlRFjn8ebOG6B
Static task
static1
Behavioral task
behavioral1
Sample
NA_6427336ade955128d895921db_JC.exe
Resource
win7-20230712-en
Malware Config
Extracted
nanocore
1.2.2.0
secur3.duckdns.org:57788
127.0.0.1:57788
24bcb08e-b9d9-4fab-833c-942bd08a17be
-
activate_away_mode
true
-
backup_connection_host
127.0.0.1
-
backup_dns_server
-
buffer_size
65535
-
build_time
2023-05-05T14:17:00.693036336Z
-
bypass_user_account_control
true
-
bypass_user_account_control_data
-
clear_access_control
true
-
clear_zone_identifier
true
-
connect_delay
4000
-
connection_port
57788
-
default_group
Default
-
enable_debug_mode
true
-
gc_threshold
1.048576e+07
-
keep_alive_timeout
30000
-
keyboard_logging
false
-
lan_timeout
2500
-
max_packet_size
1.048576e+07
-
mutex
24bcb08e-b9d9-4fab-833c-942bd08a17be
-
mutex_timeout
5000
-
prevent_system_sleep
true
-
primary_connection_host
secur3.duckdns.org
-
primary_dns_server
-
request_elevation
true
-
restart_delay
5000
-
run_delay
0
-
run_on_startup
true
-
set_critical_process
true
-
timeout_interval
5000
-
use_custom_dns_server
false
-
version
1.2.2.0
-
wan_timeout
8000
Targets
-
-
Target
NA_6427336ade955128d895921db_JC.exe
-
Size
280KB
-
MD5
07d9eeffaac90b7fcd1bf8b3930a2044
-
SHA1
445b329dc821c72cdbd167576cb4e5654b49f1ae
-
SHA256
6427336ade955128d895921dbb9bbcc379ad910690ff63f6deff3794a2086c8c
-
SHA512
c318090ef0c4bd573b68b8539b87be677114e25bbdaaec5b360ac5365fc76107ee17e3533231ef80fab71f1455d690c80b950c38e0aeee480d5b0869bdbf73fc
-
SSDEEP
6144:4mRcsQAKqVYM8AFtE3GK9U5lB88PFdvOGa7XDdK:lRcnYlRFjn8ebOG6B
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-