General
-
Target
7423de8c040d89fa19338afccfe7baa6
-
Size
2.1MB
-
Sample
240125-jqttascagp
-
MD5
7423de8c040d89fa19338afccfe7baa6
-
SHA1
9abbee485cacd5d6c0115d8f5f06f4a01d9309c9
-
SHA256
23620de64b663a58b2c29f39863e8b4052d7f819fd69685e56d26426927dcfa3
-
SHA512
cf28260b94cbcc91796623bcdb192eb1d02935b3891b8d011c0a4602dd748fba1b678d8de0567762c7a96a4a06d9bd5b1196eed248fd23afc67891077cc54817
-
SSDEEP
49152:yav4KJbboJXTKy2GmKFYrb0INa4uf5JJhDziO5FASrRxBQt2/j8OkYdzFRZIJMdN:yuFVbWXWjBAY0wHLqa+zyyj885RZBN
Behavioral task
behavioral1
Sample
7423de8c040d89fa19338afccfe7baa6.exe
Resource
win7-20231129-en
Malware Config
Extracted
nanocore
1.2.2.0
185.244.30.139:4050
52e05d5b-dcbb-4f70-86bd-eb80b3602ddc
-
activate_away_mode
true
- backup_connection_host
-
backup_dns_server
8.8.4.4
-
buffer_size
65535
-
build_time
2020-02-09T23:01:15.091230736Z
-
bypass_user_account_control
true
- bypass_user_account_control_data
-
clear_access_control
true
-
clear_zone_identifier
false
-
connect_delay
4000
-
connection_port
4050
-
default_group
money
-
enable_debug_mode
true
-
gc_threshold
1.048576e+07
-
keep_alive_timeout
30000
-
keyboard_logging
false
-
lan_timeout
2500
-
max_packet_size
1.048576e+07
-
mutex
52e05d5b-dcbb-4f70-86bd-eb80b3602ddc
-
mutex_timeout
5000
-
prevent_system_sleep
false
-
primary_connection_host
185.244.30.139
-
primary_dns_server
8.8.8.8
-
request_elevation
true
-
restart_delay
5000
-
run_delay
0
-
run_on_startup
true
-
set_critical_process
true
-
timeout_interval
5000
-
use_custom_dns_server
false
-
version
1.2.2.0
-
wan_timeout
8000
Targets
-
-
Target
7423de8c040d89fa19338afccfe7baa6
-
Size
2.1MB
-
MD5
7423de8c040d89fa19338afccfe7baa6
-
SHA1
9abbee485cacd5d6c0115d8f5f06f4a01d9309c9
-
SHA256
23620de64b663a58b2c29f39863e8b4052d7f819fd69685e56d26426927dcfa3
-
SHA512
cf28260b94cbcc91796623bcdb192eb1d02935b3891b8d011c0a4602dd748fba1b678d8de0567762c7a96a4a06d9bd5b1196eed248fd23afc67891077cc54817
-
SSDEEP
49152:yav4KJbboJXTKy2GmKFYrb0INa4uf5JJhDziO5FASrRxBQt2/j8OkYdzFRZIJMdN:yuFVbWXWjBAY0wHLqa+zyyj885RZBN
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-