General
-
Target
a77f6cfb776ad670daca171a45cb5adf_JaffaCakes118
-
Size
862KB
-
Sample
240614-bn3pestbjl
-
MD5
a77f6cfb776ad670daca171a45cb5adf
-
SHA1
b1fc0f3a5e23a87dc277a44a8500a690db37a7a8
-
SHA256
d1284021af0b7767d4bd4d0228fb7b23ff2fc3f04d7b79d9a6e153ea632971e8
-
SHA512
6a1ac0ac1ff562c9bccbc41869f6d87f64cf4b9a9bf2fbd9aa291616b0dd22575dd49433eec36aa751faf4018eabc2ee2a672488f74abf6b5b670998024fcb2d
-
SSDEEP
24576:8roEM67ToWC7nmWBI6jbzfim5ICNPzO6lsFP3ATX07dyahX6FP6:8ci7q7nL+YbzfX6yPEATXqQah6w
Static task
static1
Behavioral task
behavioral1
Sample
PII.exe
Resource
win7-20240220-en
Malware Config
Extracted
nanocore
1.2.2.0
officef365.ddns.net:45209
95.140.125.119:45209
752d5116-e1e2-4e9b-8dd7-e394b6cf8edd
-
activate_away_mode
false
-
backup_connection_host
95.140.125.119
- backup_dns_server
-
buffer_size
65538
-
build_time
2019-01-20T10:32:28.938318936Z
-
bypass_user_account_control
false
-
bypass_user_account_control_data
PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTE2Ij8+DQo8VGFzayB2ZXJzaW9uPSIxLjIiIHhtbG5zPSJodHRwOi8vc2NoZW1hcy5taWNyb3NvZnQuY29tL3dpbmRvd3MvMjAwNC8wMi9taXQvdGFzayI+DQogIDxSZWdpc3RyYXRpb25JbmZvIC8+DQogIDxUcmlnZ2VycyAvPg0KICA8UHJpbmNpcGFscz4NCiAgICA8UHJpbmNpcGFsIGlkPSJBdXRob3IiPg0KICAgICAgPExvZ29uVHlwZT5JbnRlcmFjdGl2ZVRva2VuPC9Mb2dvblR5cGU+DQogICAgICA8UnVuTGV2ZWw+SGlnaGVzdEF2YWlsYWJsZTwvUnVuTGV2ZWw+DQogICAgPC9QcmluY2lwYWw+DQogIDwvUHJpbmNpcGFscz4NCiAgPFNldHRpbmdzPg0KICAgIDxNdWx0aXBsZUluc3RhbmNlc1BvbGljeT5QYXJhbGxlbDwvTXVsdGlwbGVJbnN0YW5jZXNQb2xpY3k+DQogICAgPERpc2FsbG93U3RhcnRJZk9uQmF0dGVyaWVzPmZhbHNlPC9EaXNhbGxvd1N0YXJ0SWZPbkJhdHRlcmllcz4NCiAgICA8U3RvcElmR29pbmdPbkJhdHRlcmllcz5mYWxzZTwvU3RvcElmR29pbmdPbkJhdHRlcmllcz4NCiAgICA8QWxsb3dIYXJkVGVybWluYXRlPnRydWU8L0FsbG93SGFyZFRlcm1pbmF0ZT4NCiAgICA8U3RhcnRXaGVuQXZhaWxhYmxlPmZhbHNlPC9TdGFydFdoZW5BdmFpbGFibGU+DQogICAgPFJ1bk9ubHlJZk5ldHdvcmtBdmFpbGFibGU+ZmFsc2U8L1J1bk9ubHlJZk5ldHdvcmtBdmFpbGFibGU+DQogICAgPElkbGVTZXR0aW5ncz4NCiAgICAgIDxTdG9wT25JZGxlRW5kPmZhbHNlPC9TdG9wT25JZGxlRW5kPg0KICAgICAgPFJlc3RhcnRPbklkbGU+ZmFsc2U8L1Jlc3RhcnRPbklkbGU+DQogICAgPC9JZGxlU2V0dGluZ3M+DQogICAgPEFsbG93U3RhcnRPbkRlbWFuZD50cnVlPC9BbGxvd1N0YXJ0T25EZW1hbmQ+DQogICAgPEVuYWJsZWQ+dHJ1ZTwvRW5hYmxlZD4NCiAgICA8SGlkZGVuPmZhbHNlPC9IaWRkZW4+DQogICAgPFJ1bk9ubHlJZklkbGU+ZmFsc2U8L1J1bk9ubHlJZklkbGU+DQogICAgPFdha2VUb1J1bj5mYWxzZTwvV2FrZVRvUnVuPg0KICAgIDxFeGVjdXRpb25UaW1lTGltaXQ+UFQwUzwvRXhlY3V0aW9uVGltZUxpbWl0Pg0KICAgIDxQcmlvcml0eT40PC9Qcmlvcml0eT4NCiAgPC9TZXR0aW5ncz4NCiAgPEFjdGlvbnMgQ29udGV4dD0iQXV0aG9yIj4NCiAgICA8RXhlYz4NCiAgICAgIDxDb21tYW5kPiIjRVhFQ1VUQUJMRVBBVEgiPC9Db21tYW5kPg0KICAgICAgPEFyZ3VtZW50cz4kKEFyZzApPC9Bcmd1bWVudHM+DQogICAgPC9FeGVjPg0KICA8L0FjdGlvbnM+DQo8L1Rhc2s+
-
clear_access_control
false
-
clear_zone_identifier
false
-
connect_delay
4000
-
connection_port
45209
-
default_group
NBENE2019
-
enable_debug_mode
true
-
gc_threshold
1.0485772e+07
-
keep_alive_timeout
30000
-
keyboard_logging
false
-
lan_timeout
2500
-
max_packet_size
1.0485772e+07
-
mutex
752d5116-e1e2-4e9b-8dd7-e394b6cf8edd
-
mutex_timeout
5000
-
prevent_system_sleep
false
-
primary_connection_host
officef365.ddns.net
- primary_dns_server
-
request_elevation
true
-
restart_delay
5000
-
run_delay
0
-
run_on_startup
false
-
set_critical_process
false
-
timeout_interval
5000
-
use_custom_dns_server
false
-
version
1.2.2.0
-
wan_timeout
8009
Targets
-
-
Target
PII.exe
-
Size
920KB
-
MD5
d90b10d6e4bbe30db912815d8e7c5344
-
SHA1
b27a4f6255251ede6ec79fe0ac098b495b664ab4
-
SHA256
c7db8edd3dfa6f4f1171b38a976581c13779b25a87eb2f93973d6e0da47f0d5c
-
SHA512
591ad5b0764f7da7aafdbe2e77f6c852ffd6cb42a7ed476effc7a4e6265a237645ae864c5cfb92fdac210b1219928312b6b50a0e388b7963f76e71e12a73377a
-
SSDEEP
24576:f2O/Glt//3XKWFs9KHoFKG8Atm+F3wmxhKbH3rUO46GA:kXpFsVMG8um+xwmxUT3i4
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-