General
-
Target
505d76702345bc95a07e30c9d7c57bb700e98124141d14b336e8d5c5e3e5c296
-
Size
763KB
-
Sample
240604-ca8tyshd3t
-
MD5
934076e8eda59f04b18db8f262e885e0
-
SHA1
deca51a91858374cce04f74bc503b33191143e2a
-
SHA256
505d76702345bc95a07e30c9d7c57bb700e98124141d14b336e8d5c5e3e5c296
-
SHA512
607447498f955e5217f5cf5d8b09635424ab5f212f4d1d72246048905df9744386befb39c5ed45e6a59de0de6a7758cf160df15286e48b86654c8024df0f41fe
-
SSDEEP
12288:xKpGbhBR/pzr9zlGdp+hqsFMY0HbAqbIopgfPNZhGWNJDypWy33HcAnmPv6YYUud:9bht1zlGfDsmY0kqUfUcD4j3HnmPiNU4
Static task
static1
Behavioral task
behavioral1
Sample
holf.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
holf.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
nanocore
1.2.2.0
cboss33.hopto.org:4722
f934e45a-6528-4b96-bd96-79fd13c4fe12
-
activate_away_mode
true
- backup_connection_host
- backup_dns_server
-
buffer_size
65535
-
build_time
2018-07-05T13:16:32.309254436Z
-
bypass_user_account_control
true
- bypass_user_account_control_data
-
clear_access_control
true
-
clear_zone_identifier
true
-
connect_delay
4000
-
connection_port
4722
-
default_group
Dollar
-
enable_debug_mode
true
-
gc_threshold
1.048576e+07
-
keep_alive_timeout
30000
-
keyboard_logging
false
-
lan_timeout
2500
-
max_packet_size
1.048576e+07
-
mutex
f934e45a-6528-4b96-bd96-79fd13c4fe12
-
mutex_timeout
5000
-
prevent_system_sleep
false
-
primary_connection_host
cboss33.hopto.org
- primary_dns_server
-
request_elevation
true
-
restart_delay
5000
-
run_delay
0
-
run_on_startup
false
-
set_critical_process
true
-
timeout_interval
5000
-
use_custom_dns_server
false
-
version
1.2.2.0
-
wan_timeout
8000
Targets
-
-
Target
holf.exe
-
Size
884KB
-
MD5
912d6c88f475bb275629201d52ae0ae6
-
SHA1
3e64f86e98787997c98b98039bb491fa613e79cc
-
SHA256
6b8e10fb6b6aa647c8c0ba181184d950e9f47ca6753213fc96b1b3ec18409f93
-
SHA512
c8362c522e556166cc018800f721c8c4c3067d51209063f91424fbaf249b36441fc69e2556ee9b94cb7c0a6eee82d51b6105c3fa1a8148a98446e1a7e368d254
-
SSDEEP
24576:rmoO8itEqfZng7cw8lSQzuQM9saXICbmyX97i:qvZScwKSQzrM9ZzfN7i
-
Checks computer location settings
Looks up the country code configured in the registry; likely used as a geofence check.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-