General
-
Target
a7beb1717fb88ae882e1e6b7a03d4665_JaffaCakes118
-
Size
302KB
-
Sample
240614-c75hsswdrj
-
MD5
a7beb1717fb88ae882e1e6b7a03d4665
-
SHA1
43cabcbff75860fe98cab8deb24b76b451bd7eba
-
SHA256
d68d82b0f8ef38003737730d2cf5c03c7f1170f337b505d2e805ac88640ec8e1
-
SHA512
60747bfc4871610078268b36f814757346758a3ad1bec616b9c36dd5cbf74162557f88a58f439ed52ad5b18f3344b067cd432b152d35c2f08f116ec26210f3f8
-
SSDEEP
6144:wbnVM14573QTp9TOfOWlb9ZrrZqTGoJbWPrISemai7D12SAF7WYnqi:wbVMW73jfO2ZfQb6XF7D13GvnN
Static task
static1
Behavioral task
behavioral1
Sample
SY1HWascuqe8wEN.exe
Resource
win7-20240508-en
Malware Config
Extracted
nanocore
1.2.2.0
111.118.183.211:5678
grace147.ddns.net:5678
ccedb01a-467a-424c-9afe-02824128a6c0
-
activate_away_mode
true
-
backup_connection_host
grace147.ddns.net
-
backup_dns_server
8.8.4.4
-
buffer_size
65535
-
build_time
2020-03-15T04:25:54.002365836Z
-
bypass_user_account_control
true
-
bypass_user_account_control_data
-
clear_access_control
true
-
clear_zone_identifier
true
-
connect_delay
4000
-
connection_port
5678
-
default_group
INVOICE
-
enable_debug_mode
true
-
gc_threshold
1.048576e+07
-
keep_alive_timeout
30000
-
keyboard_logging
false
-
lan_timeout
2500
-
max_packet_size
1.048576e+07
-
mutex
ccedb01a-467a-424c-9afe-02824128a6c0
-
mutex_timeout
5000
-
prevent_system_sleep
true
-
primary_connection_host
111.118.183.211
-
primary_dns_server
8.8.8.8
-
request_elevation
true
-
restart_delay
5000
-
run_delay
0
-
run_on_startup
true
-
set_critical_process
true
-
timeout_interval
5000
-
use_custom_dns_server
false
-
version
1.2.2.0
-
wan_timeout
8000
Targets
-
-
Target
SY1HWascuqe8wEN.exe
-
Size
361KB
-
MD5
a8f2d991ebabb3977ddf17fe93a5d4db
-
SHA1
26a48de7a0c3833f1dff6bf0098e41f450eb9df1
-
SHA256
2a6977944845d772cb0b7ea39725b00690d809b7d05845df349de7dc0681cff4
-
SHA512
0ceb4e88ab889dc95da797295927716f37a84dc741308442267f85469900cc66700a32fd882f0d7bec90303263c227b549c8fb7b50e7d4f4883e8c4c97ee7033
-
SSDEEP
6144:d6NZGDToBQE60VhejHs4d3QTp9TwfOqlbt1VrZyTGmJbW/rIKemao9Hj2SAF7U2l:d6NZGDToBQE60VhejMg3rfOKTXubop7Q
-
Suspicious use of SetThreadContext
-