General
-
Target
1e0802286e12f1c0bcbb1ab2c0057b33
-
Size
480KB
-
Sample
231230-126qnshggr
-
MD5
1e0802286e12f1c0bcbb1ab2c0057b33
-
SHA1
e5f700447cccc8cd94a141167ed6d843e2bc74f0
-
SHA256
59fc7316893d1882281f6c1bd0b3e99a0e7066441948c40dac80203f3554cded
-
SHA512
542a1315d12a65017d0d19e14d04fbbd753653f36662598774a5a1eef60f882ca3a9d3c70f02f7b4d0e33d1a745c40f963ed79b9c12d9e230d46774c3bfe90c5
-
SSDEEP
12288:zxfT6xvaPN0V0lk52ZRSnEZ1UwbTekIwn9+fTDPMFjjpdHxQKeUUrNGl:PNlXSn04YjjNdFUrN
Static task
static1
Behavioral task
behavioral1
Sample
1e0802286e12f1c0bcbb1ab2c0057b33.exe
Resource
win7-20231215-en
Malware Config
Extracted
nanocore
1.2.2.0
140.82.57.249:935
798bb993-90f3-40e1-a3d3-e1b7aa0cea14
-
activate_away_mode
true
-
backup_connection_host
140.82.57.249
-
backup_dns_server
8.8.4.4
-
buffer_size
65535
-
build_time
2018-09-09T20:08:12.600525936Z
-
bypass_user_account_control
true
-
bypass_user_account_control_data
-
clear_access_control
true
-
clear_zone_identifier
false
-
connect_delay
4000
-
connection_port
935
-
default_group
pamclique
-
enable_debug_mode
true
-
gc_threshold
1.048576e+07
-
keep_alive_timeout
30000
-
keyboard_logging
false
-
lan_timeout
2500
-
max_packet_size
1.048576e+07
-
mutex
798bb993-90f3-40e1-a3d3-e1b7aa0cea14
-
mutex_timeout
5000
-
prevent_system_sleep
false
-
primary_connection_host
140.82.57.249
-
primary_dns_server
8.8.8.8
-
request_elevation
true
-
restart_delay
5000
-
run_delay
0
-
run_on_startup
false
-
set_critical_process
true
-
timeout_interval
5000
-
use_custom_dns_server
false
-
version
1.2.2.0
-
wan_timeout
8000
Targets
-
-
Target
1e0802286e12f1c0bcbb1ab2c0057b33
-
Size
480KB
-
MD5
1e0802286e12f1c0bcbb1ab2c0057b33
-
SHA1
e5f700447cccc8cd94a141167ed6d843e2bc74f0
-
SHA256
59fc7316893d1882281f6c1bd0b3e99a0e7066441948c40dac80203f3554cded
-
SHA512
542a1315d12a65017d0d19e14d04fbbd753653f36662598774a5a1eef60f882ca3a9d3c70f02f7b4d0e33d1a745c40f963ed79b9c12d9e230d46774c3bfe90c5
-
SSDEEP
12288:zxfT6xvaPN0V0lk52ZRSnEZ1UwbTekIwn9+fTDPMFjjpdHxQKeUUrNGl:PNlXSn04YjjNdFUrN
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-