General
-
Target
DHL SHIPMENT DETAILS.exe
-
Size
329KB
-
Sample
200630-4hhkp8lvxs
-
MD5
aea6a74f303ac1db67b93b18dc7427b0
-
SHA1
4fe9e34f85efefee8ba56a73ddb450bec6cd088d
-
SHA256
26f45dc6e383ee31df6aabe8a5b4ecc625b76631f2a377803622a2990f3a8408
-
SHA512
d9dd598cc3f60be1c0a51cadc9c4f027841f87087ed724ae7c2c6d84c30e851ef0f817f7720717f286ded47a9f980e937cf9c81e098a76f5d27932089de82884
Static task
static1
Behavioral task
behavioral1
Sample
DHL SHIPMENT DETAILS.exe
Resource
win7
Malware Config
Extracted
nanocore
1.2.2.0
ashebi.ddns.net:5050
185.140.53.10:5050
b62e8cc6-adaa-4794-b4c7-4d04ef6cbd3b
-
activate_away_mode
true
-
backup_connection_host
185.140.53.10
-
backup_dns_server
8.8.4.4
-
buffer_size
65535
-
build_time
2020-03-30T07:20:12.975094236Z
-
bypass_user_account_control
true
-
bypass_user_account_control_data
-
clear_access_control
true
-
clear_zone_identifier
false
-
connect_delay
4000
-
connection_port
5050
-
default_group
DON
-
enable_debug_mode
true
-
gc_threshold
1.048576e+07 (i.e. 10485760 bytes)
-
keep_alive_timeout
30000
-
keyboard_logging
false
-
lan_timeout
2500
-
max_packet_size
1.048576e+07 (i.e. 10485760 bytes)
-
mutex
b62e8cc6-adaa-4794-b4c7-4d04ef6cbd3b
-
mutex_timeout
5000
-
prevent_system_sleep
false
-
primary_connection_host
ashebi.ddns.net
-
primary_dns_server
8.8.8.8
-
request_elevation
true
-
restart_delay
5012
-
run_delay
0
-
run_on_startup
false
-
set_critical_process
true
-
timeout_interval
5000
-
use_custom_dns_server
false
-
version
1.2.2.0
-
wan_timeout
8000
Targets
-
-
Target
DHL SHIPMENT DETAILS.exe
-
Size
329KB
-
MD5
aea6a74f303ac1db67b93b18dc7427b0
-
SHA1
4fe9e34f85efefee8ba56a73ddb450bec6cd088d
-
SHA256
26f45dc6e383ee31df6aabe8a5b4ecc625b76631f2a377803622a2990f3a8408
-
SHA512
d9dd598cc3f60be1c0a51cadc9c4f027841f87087ed724ae7c2c6d84c30e851ef0f817f7720717f286ded47a9f980e937cf9c81e098a76f5d27932089de82884
-
Adds Run entry to start application
-
Suspicious use of SetThreadContext
-