General
-
Target
ec35cf4e08b2927b3955696b078ee638c20e6fd8d8076727c64addc7e6846668
-
Size
398KB
-
Sample
240417-rjdshacg6v
-
MD5
208e20231bd3ed75ce44bf9acf53c7ef
-
SHA1
2093db287af8feb55fcd1f48245f717110247e87
-
SHA256
ec35cf4e08b2927b3955696b078ee638c20e6fd8d8076727c64addc7e6846668
-
SHA512
ee9f1ef8f82d9711488436f8bc36d73a9e00db22bc2242e5df935ca286c4357f8f96067c1ae24f3b2600b75025447ee53958cb5fc2c8293aa17d02a686c6761f
-
SSDEEP
6144:W9CVAXWwnNi7aJDxC82mZyqWYk4LPjFTaA8qqMBYUTd0HgKEjhQVHim9WKV5l:iigJ9CLmEXYkOpTaA8qqMBNb2VC8WKJ
Static task
static1
Behavioral task
behavioral1
Sample
be358903e08c518b81313c4cfde845b466a9d638d6924f463b58341274154d10.exe
Resource
win7-20240221-en
Malware Config
Extracted
nanocore
1.2.2.0
mup830634.duckdns.org:8763
f6f15fcb-c3e0-4bc1-8895-8e9f6db35775
-
activate_away_mode
true
-
backup_connection_host
mup830634.duckdns.org
-
backup_dns_server
8.8.4.4
-
buffer_size
65535
-
build_time
2021-10-29T16:40:32.309009436Z
-
bypass_user_account_control
true
-
bypass_user_account_control_data
-
clear_access_control
true
-
clear_zone_identifier
false
-
connect_delay
4000
-
connection_port
8763
-
default_group
MBACK8763
-
enable_debug_mode
true
-
gc_threshold
1.048576e+07
-
keep_alive_timeout
30000
-
keyboard_logging
false
-
lan_timeout
2500
-
max_packet_size
1.048576e+07
-
mutex
f6f15fcb-c3e0-4bc1-8895-8e9f6db35775
-
mutex_timeout
5000
-
prevent_system_sleep
false
-
primary_connection_host
mup830634.duckdns.org
-
primary_dns_server
8.8.8.8
-
request_elevation
true
-
restart_delay
5000
-
run_delay
0
-
run_on_startup
true
-
set_critical_process
true
-
timeout_interval
5000
-
use_custom_dns_server
false
-
version
1.2.2.0
-
wan_timeout
8000
Targets
-
-
Target
be358903e08c518b81313c4cfde845b466a9d638d6924f463b58341274154d10.exe
-
Size
481KB
-
MD5
6b1adef13c5f6eddb7d995999ba1d406
-
SHA1
36c4fe44a96bcd5fc383f684f6869891c9369041
-
SHA256
be358903e08c518b81313c4cfde845b466a9d638d6924f463b58341274154d10
-
SHA512
2143d18609e836476763cd1cf2bb1070317ec521d908dd044a229025f3438cb33631a14705148e62317f75d54e6dd637e5d0004d1b3704a4b9f42b4c12f1dacd
-
SSDEEP
12288:S2iIrOlwN/jS650PzwHJeq7hIhwtzwHJeq:ZK2Npswpeqoawpeq
-
Suspicious use of SetThreadContext
-