Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

1f0c4b2bfc...a6.exe

windows7-x64

10

1f0c4b2bfc...a6.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1f0c4b2bfc1d9dc27b3624894740779c748988c8134c7e455706d5a0a8d1c0a6.exe

  • Size

    434KB

  • Sample

    241122-lvyn6avjdr

  • MD5

    1ca4a0e2f74e5ffd751683f6afd1556e

  • SHA1

    228e7c61d1f6963a1a6617d02c9e3d8705088d64

  • SHA256

    1f0c4b2bfc1d9dc27b3624894740779c748988c8134c7e455706d5a0a8d1c0a6

  • SHA512

    5de83b5f4823e6fcc6f0f297a43c581bbcb875ba9ad78afc2d45179dc1d7040725c612392113ae47fcbf8957891439f1247b92091f2efbc861b8fe2ab1d92819

  • SSDEEP

    12288:nmJileuH/oPLDnoG3l+g9whD89s88C51/lX:Lee8FV+Gigs8H

Score
10/10
nanocorediscoveryevasionkeyloggerspywarestealertrojan

Malware Config

Extracted

Family

nanocore

Version

1.2.2.0

C2

37.0.10.137:9025

Mutex

b7d9d933-745d-49c1-bd0c-e06768b05c24

Attributes
  • activate_away_mode

    true

  • backup_connection_host

    37.0.10.137

  • backup_dns_server

    8.8.4.4

  • buffer_size

    65535

  • build_time

    2021-08-01T05:05:17.189046036Z

  • bypass_user_account_control

    true

  • bypass_user_account_control_data

  • clear_access_control

    true

  • clear_zone_identifier

    false

  • connect_delay

    4000

  • connection_port

    9025

  • default_group

    LYDECKER

  • enable_debug_mode

    true

  • gc_threshold

    1.048576e+07

  • keep_alive_timeout

    30000

  • keyboard_logging

    false

  • lan_timeout

    2500

  • max_packet_size

    1.048576e+07

  • mutex

    b7d9d933-745d-49c1-bd0c-e06768b05c24

  • mutex_timeout

    5000

  • prevent_system_sleep

    false

  • primary_connection_host

    37.0.10.137

  • primary_dns_server

    8.8.8.8

  • request_elevation

    true

  • restart_delay

    5000

  • run_delay

    0

  • run_on_startup

    true

  • set_critical_process

    true

  • timeout_interval

    5000

  • use_custom_dns_server

    false

  • version

    1.2.2.0

  • wan_timeout

    8000

Targets

    • Target

      1f0c4b2bfc1d9dc27b3624894740779c748988c8134c7e455706d5a0a8d1c0a6.exe

    • Size

      434KB

    • MD5

      1ca4a0e2f74e5ffd751683f6afd1556e

    • SHA1

      228e7c61d1f6963a1a6617d02c9e3d8705088d64

    • SHA256

      1f0c4b2bfc1d9dc27b3624894740779c748988c8134c7e455706d5a0a8d1c0a6

    • SHA512

      5de83b5f4823e6fcc6f0f297a43c581bbcb875ba9ad78afc2d45179dc1d7040725c612392113ae47fcbf8957891439f1247b92091f2efbc861b8fe2ab1d92819

    • SSDEEP

      12288:nmJileuH/oPLDnoG3l+g9whD89s88C51/lX:Lee8FV+Gigs8H

    Score
    10/10
    nanocorediscoveryevasionkeyloggerspywarestealertrojan

    • NanoCore

      NanoCore is a remote access tool (RAT) with a variety of capabilities.

      keyloggertrojanstealerspywarenanocore

    • Nanocore family

      nanocore

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.