General
-
Target
DeepFreeze.exe
-
Size
202KB
-
Sample
240423-ypp62sbd62
-
MD5
606d848584caad00d05e933758bc2620
-
SHA1
7dce40e1d7dfb125570c0a2445264b7791967e6b
-
SHA256
69ca4d42492cef4caa9e2b85988c13e0dda8e8d8d962dd1cc3fc4adb4b3478f1
-
SHA512
3e66acb0a21ad606bcb78721a46fd513e702723cd31adbf04506ac1d74cc974111b3c0b84c3f471d1096b884c27c943bcbac463f7d8c63b6e55d53cb2ccfd945
-
SSDEEP
6144:gLV6Bta6dtJmakIM5elE4UXkD2rovrO6mlOdu:gLV6Btpmkt24ttvr5du
Behavioral task
behavioral1
Sample
DeepFreeze.exe
Resource
win7-20231129-en
Malware Config
Extracted
nanocore
1.2.2.0
0.tcp.in.ngrok.io:15030
127.0.0.1:15030
571c9515-7544-4cde-8306-2a4317675385
-
activate_away_mode
true
-
backup_connection_host
127.0.0.1
-
backup_dns_server
8.8.4.4
-
buffer_size
65535
-
build_time
2024-02-03T21:02:27.767151536Z
-
bypass_user_account_control
true
- bypass_user_account_control_data
-
clear_access_control
true
-
clear_zone_identifier
false
-
connect_delay
3997
-
connection_port
15030
-
default_group
Default
-
enable_debug_mode
true
-
gc_threshold
1.048576e+07
-
keep_alive_timeout
30000
-
keyboard_logging
false
-
lan_timeout
2500
-
max_packet_size
1.048576e+07
-
mutex
571c9515-7544-4cde-8306-2a4317675385
-
mutex_timeout
1000
-
prevent_system_sleep
false
-
primary_connection_host
0.tcp.in.ngrok.io
-
primary_dns_server
8.8.8.8
-
request_elevation
true
-
restart_delay
1000
-
run_delay
0
-
run_on_startup
false
-
set_critical_process
true
-
timeout_interval
5000
-
use_custom_dns_server
false
-
version
1.2.2.0
-
wan_timeout
1000
Targets
-
-
Target
DeepFreeze.exe
-
Size
202KB
-
MD5
606d848584caad00d05e933758bc2620
-
SHA1
7dce40e1d7dfb125570c0a2445264b7791967e6b
-
SHA256
69ca4d42492cef4caa9e2b85988c13e0dda8e8d8d962dd1cc3fc4adb4b3478f1
-
SHA512
3e66acb0a21ad606bcb78721a46fd513e702723cd31adbf04506ac1d74cc974111b3c0b84c3f471d1096b884c27c943bcbac463f7d8c63b6e55d53cb2ccfd945
-
SSDEEP
6144:gLV6Bta6dtJmakIM5elE4UXkD2rovrO6mlOdu:gLV6Btpmkt24ttvr5du
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-