General
-
Target
4e5454d0b4ae21a632a389fce1065a9a
-
Size
2.8MB
-
Sample
231226-df56padbd2
-
MD5
4e5454d0b4ae21a632a389fce1065a9a
-
SHA1
c4fb9ef76532b074e568ad86cf5a19e78e0fb73a
-
SHA256
2aa0c1424acc0d9393d3a575b67220ea8b9ef1159470dd4072ffb19886d2f94b
-
SHA512
08947391a5d58f0bbc5e45b71ba37587a48c3bd904a9f216eb6279d6995fdfdd7a6c5b0edf3206b2f5512c01b8ba96db1249a114d2de03a4869b70630ab47d5d
-
SSDEEP
49152:oy3YsUn3GadH2qNtaGLyruMm6fytPLFeivKm5j4TnuclYx6b:v3YsUnXW2Lyr1FivKAjXcacb
Static task
static1
Behavioral task
behavioral1
Sample
4e5454d0b4ae21a632a389fce1065a9a.exe
Resource
win7-20231215-en
Malware Config
Extracted
nanocore
1.2.2.0
213.152.162.154:54617
185.103.96.147:54617
6f20e7f9-e219-4046-bd1a-626154bfb156
-
activate_away_mode
true
-
backup_connection_host
185.103.96.147
-
backup_dns_server
8.8.4.4
-
buffer_size
65535
-
build_time
2019-05-10T03:27:25.385481536Z
-
bypass_user_account_control
true
- bypass_user_account_control_data
-
clear_access_control
true
-
clear_zone_identifier
true
-
connect_delay
4000
-
connection_port
54617
-
default_group
YT
-
enable_debug_mode
true
-
gc_threshold
1.048576e+07
-
keep_alive_timeout
30000
-
keyboard_logging
false
-
lan_timeout
2500
-
max_packet_size
1.048576e+07
-
mutex
6f20e7f9-e219-4046-bd1a-626154bfb156
-
mutex_timeout
5000
-
prevent_system_sleep
true
-
primary_connection_host
213.152.162.154
-
primary_dns_server
8.8.8.8
-
request_elevation
true
-
restart_delay
5000
-
run_delay
0
-
run_on_startup
true
-
set_critical_process
true
-
timeout_interval
5000
-
use_custom_dns_server
false
-
version
1.2.2.0
-
wan_timeout
8000
Targets
-
-
Target
4e5454d0b4ae21a632a389fce1065a9a
-
Size
2.8MB
-
MD5
4e5454d0b4ae21a632a389fce1065a9a
-
SHA1
c4fb9ef76532b074e568ad86cf5a19e78e0fb73a
-
SHA256
2aa0c1424acc0d9393d3a575b67220ea8b9ef1159470dd4072ffb19886d2f94b
-
SHA512
08947391a5d58f0bbc5e45b71ba37587a48c3bd904a9f216eb6279d6995fdfdd7a6c5b0edf3206b2f5512c01b8ba96db1249a114d2de03a4869b70630ab47d5d
-
SSDEEP
49152:oy3YsUn3GadH2qNtaGLyruMm6fytPLFeivKm5j4TnuclYx6b:v3YsUnXW2Lyr1FivKAjXcacb
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-