General
-
Target
HWID-AntiLeak.exe
-
Size
202KB
-
Sample
240717-xt6h6avbjm
-
MD5
e271e776b4a0c29e2e06e89e37140f75
-
SHA1
5f7f9b5bfd76ce4432b1374d9db0b13193033668
-
SHA256
eb11c48911b2a2bc101680cffc62b62b85aaf4f9a9fa182bcb6f6932fcb5f34a
-
SHA512
7f63588f183d8f2c85e6244f156b2e1c45ca914e2ec4b22f2284853a1998017213a71d0301dc12f05be469b5a1f1571f1283a21117b08c0e7acbdad11e4769f3
-
SSDEEP
6144:gLV6Bta6dtJmakIM5RzxAnuBlMvBZORkZ:gLV6BtpmkoxAIFkZ
Behavioral task
behavioral1
Sample
HWID-AntiLeak.exe
Resource
win7-20240704-en
Malware Config
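Extracted
Family: nanocore
Version: 1.2.2.0
C2 (primary_connection_host:connection_port): tax-sri.gl.at.ply.gg:9388
C2 (backup_connection_host:connection_port): 147.185.221.21:9388
Mutex: 6d80a1d3-25cc-43dd-8b15-98c047a1a532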
-
activate_away_mode
true
-
backup_connection_host
147.185.221.21
-
backup_dns_server
8.8.4.4
-
buffer_size
65535
-
build_time
2024-04-23T00:03:11.415295036Z
-
bypass_user_account_control
true
-
bypass_user_account_control_data
(no value shown on this page)
-
clear_access_control
true
-
clear_zone_identifier
false
-
connect_delay
4000
-
connection_port
9388
-
default_group
Default
-
enable_debug_mode
true
-
gc_threshold
1.048576e+07
-
keep_alive_timeout
30000
-
keyboard_logging
false
-
lan_timeout
2500
-
max_packet_size
1.048576e+07
-
mutex
6d80a1d3-25cc-43dd-8b15-98c047a1a532
-
mutex_timeout
5000
-
prevent_system_sleep
false
-
primary_connection_host
tax-sri.gl.at.ply.gg
-
primary_dns_server
8.8.8.8
-
request_elevation
true
-
restart_delay
5000
-
run_delay
0
-
run_on_startup
true
-
set_critical_process
true
-
timeout_interval
5000
-
use_custom_dns_server
false
-
version
1.2.2.0
-
wan_timeout
8000
Targets
-
-
Target
HWID-AntiLeak.exe
-
Size
202KB
-
MD5
e271e776b4a0c29e2e06e89e37140f75
-
SHA1
5f7f9b5bfd76ce4432b1374d9db0b13193033668
-
SHA256
eb11c48911b2a2bc101680cffc62b62b85aaf4f9a9fa182bcb6f6932fcb5f34a
-
SHA512
7f63588f183d8f2c85e6244f156b2e1c45ca914e2ec4b22f2284853a1998017213a71d0301dc12f05be469b5a1f1571f1283a21117b08c0e7acbdad11e4769f3
-
SSDEEP
6144:gLV6Bta6dtJmakIM5RzxAnuBlMvBZORkZ:gLV6BtpmkoxAIFkZ
-