General

  • Target

    Sleezy Perm.exe

  • Size

    203KB

  • Sample

    240929-nghf5avhpc

  • MD5

    de919cd81dbc73009cf1f2c7afa0261f

  • SHA1

    1035e1d6d8c6eeda52ecd7eedc50e3a0fc56fa4e

  • SHA256

    e5adaf3c85de58d621239a61f334c27184d358190486f6d1b636091d4f28e267

  • SHA512

    4471e19a54ada2cff178bb4d37ad3a0aae447b41738e1733cf3d49dce88218114ea195cf51c6d94ee2d40daf3c3f407cee4966b70fe47f12cae85dfaa8c3a7ca

  • SSDEEP

    6144:MLV6Bta6dtJmakIM5pDr7rb2Wdkytz9s8:MLV6BtpmkYmWltJ

Malware Config

Extracted

Family

nanocore

Version

1.2.2.0

C2

2.tcp.eu.ngrok.io:10394

Mutex

30f49b23-950b-4b3d-8502-1a1754bed2e5

Attributes
  • activate_away_mode

    true

  • backup_connection_host

    2.tcp.eu.ngrok.io

  • backup_dns_server

    8.8.4.4

  • buffer_size

    65535

  • build_time

    2024-07-11T12:52:18.241478536Z

  • bypass_user_account_control

    true

  • bypass_user_account_control_data

    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

  • clear_access_control

    true

  • clear_zone_identifier

    false

  • connect_delay

    4000

  • connection_port

    10394

  • default_group

    Default

  • enable_debug_mode

    true

  • gc_threshold

    10485760

  • keep_alive_timeout

    30000

  • keyboard_logging

    false

  • lan_timeout

    2500

  • max_packet_size

    10485760

  • mutex

    30f49b23-950b-4b3d-8502-1a1754bed2e5

  • mutex_timeout

    5000

  • prevent_system_sleep

    false

  • primary_connection_host

    2.tcp.eu.ngrok.io

  • primary_dns_server

    8.8.8.8

  • request_elevation

    true

  • restart_delay

    5000

  • run_delay

    0

  • run_on_startup

    true

  • set_critical_process

    true

  • timeout_interval

    5000

  • use_custom_dns_server

    false

  • version

    1.2.2.0

  • wan_timeout

    8000
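
The extracted configuration above is the part of this report an analyst acts on. The following Python is an added example, not code from tria.ge or from the NanoCore config extractor: it embeds the reported values as a constructed dict, coerces the extractor's string and float output into proper types (the 1.048576e+07 sizes are exactly 10485760 bytes), derives network and host IOCs, and emits Suricata dns.query rules for the C2 hostname. The function names (normalize_config, extract_iocs, suricata_rules), the behaviour descriptions and the sid range are this example's own choices, not fields of the report.

```python
"""Turn the extracted NanoCore configuration into actionable IOCs.

Added example, not part of the tria.ge report. RAW_CONFIG and SAMPLE_HASHES
are constructed from the values shown on the page; rule syntax is Suricata
(dns.query sticky buffer).
"""
import re

# Constructed from the "Malware Config" section of the report.
RAW_CONFIG = {
    "family": "nanocore",
    "version": "1.2.2.0",
    "primary_connection_host": "2.tcp.eu.ngrok.io",
    "backup_connection_host": "2.tcp.eu.ngrok.io",
    "connection_port": "10394",
    "mutex": "30f49b23-950b-4b3d-8502-1a1754bed2e5",
    "bypass_user_account_control": "true",
    "request_elevation": "true",
    "run_on_startup": "true",
    "set_critical_process": "true",
    "keyboard_logging": "false",
    "use_custom_dns_server": "false",
    "primary_dns_server": "8.8.8.8",
    "backup_dns_server": "8.8.4.4",
    "max_packet_size": "1.048576e+07",  # extractor emits a float; this is 10 MiB
    "gc_threshold": "1.048576e+07",
    "buffer_size": "65535",
}

SAMPLE_HASHES = {
    "md5": "de919cd81dbc73009cf1f2c7afa0261f",
    "sha1": "1035e1d6d8c6eeda52ecd7eedc50e3a0fc56fa4e",
    "sha256": "e5adaf3c85de58d621239a61f334c27184d358190486f6d1b636091d4f28e267",
}

# Config flags that, when true, correspond to host-side behaviour worth hunting
# for. Descriptions are this example's wording, not extractor output.
BEHAVIOUR_FLAGS = {
    "bypass_user_account_control": "UAC bypass attempt",
    "request_elevation": "requests elevation at start",
    "run_on_startup": "persistence via startup entry",
    "set_critical_process": "process marked critical (terminating it bugchecks the host)",
    "keyboard_logging": "keylogger active",
}


def coerce(value: str):
    """Map an extractor string to bool/int/str. Whole-number floats such as
    '1.048576e+07' become ints so sizes and ports compare cleanly."""
    low = value.strip().lower()
    if low in ("true", "false"):
        return low == "true"
    if re.fullmatch(r"-?\d+", low):
        return int(low)
    try:
        f = float(low)
        return int(f) if f.is_integer() else f
    except ValueError:
        return value  # hostnames, GUIDs, dotted versions and IPs stay strings


def normalize_config(raw: dict) -> dict:
    return {k: coerce(v) for k, v in raw.items()}


def extract_iocs(cfg: dict, hashes: dict) -> dict:
    """Derive the indicators an analyst would push to network and host tooling."""
    hosts = {cfg[k] for k in ("primary_connection_host", "backup_connection_host") if cfg.get(k)}
    # The DNS servers are only an indicator if the build actually uses them.
    dns = set()
    if cfg.get("use_custom_dns_server"):
        dns = {cfg[k] for k in ("primary_dns_server", "backup_dns_server") if cfg.get(k)}
    return {
        "c2_hosts": sorted(hosts),
        "c2_port": cfg["connection_port"],
        "mutex": cfg["mutex"],
        "custom_dns": sorted(dns),
        "hashes": dict(hashes),
        "behaviours": [desc for flag, desc in BEHAVIOUR_FLAGS.items() if cfg.get(flag)],
        # ngrok tunnels hide the operator's real address; the tunnel host is the durable IOC.
        "tunnel_abuse": any(h.endswith(".ngrok.io") for h in hosts),
    }


def suricata_rules(iocs: dict, sid_base: int = 1000001) -> list:
    """One DNS-lookup alert per C2 hostname; sids are assigned from sid_base."""
    rules = []
    for offset, host in enumerate(iocs["c2_hosts"]):
        rules.append(
            'alert dns any any -> any any (msg:"NanoCore C2 lookup %s"; '
            'dns.query; content:"%s"; nocase; sid:%d; rev:1;)'
            % (host, host, sid_base + offset)
        )
    return rules


if __name__ == "__main__":
    cfg = normalize_config(RAW_CONFIG)
    iocs = extract_iocs(cfg, SAMPLE_HASHES)
    for rule in suricata_rules(iocs):
        print(rule)
    print("mutex to hunt:", iocs["mutex"])
    print("host behaviours:", iocs["behaviours"])
```

Both the primary and backup host are the same ngrok TCP endpoint, so the operator's real address is not on the page; the ngrok hostname, and DNS lookups for it, is the indicator that survives, while the port (assigned by ngrok) is too weak to alert on alone. On the host side, the named mutex is a cheap presence check, and set_critical_process is true: a process that has set the Windows critical flag triggers a CRITICAL_PROCESS_DIED bugcheck when killed, so suspend it or clear the flag before terminating it during cleanup.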

Targets

    • Target

      Sleezy Perm.exe

    • Size

      203KB

    • MD5

      de919cd81dbc73009cf1f2c7afa0261f

    • SHA1

      1035e1d6d8c6eeda52ecd7eedc50e3a0fc56fa4e

    • SHA256

      e5adaf3c85de58d621239a61f334c27184d358190486f6d1b636091d4f28e267

    • SHA512

      4471e19a54ada2cff178bb4d37ad3a0aae447b41738e1733cf3d49dce88218114ea195cf51c6d94ee2d40daf3c3f407cee4966b70fe47f12cae85dfaa8c3a7ca

    • SSDEEP

      6144:MLV6Bta6dtJmakIM5pDr7rb2Wdkytz9s8:MLV6BtpmkYmWltJ

    • NanoCore

      NanoCore is a .NET-based remote access trojan (RAT) with a plugin architecture; the extracted configuration above shows which options this particular build enables (UAC bypass, elevation request, startup persistence, critical-process flag) and which it does not (keylogging, custom DNS).

    • Checks whether UAC is enabled

    • Legitimate hosting services abused for malware hosting/C2

    • Drops file in System32 directory
