General
-
Target
ada5c21676bbedc2d53858fba5d33702_JaffaCakes118
-
Size
271KB
-
Sample
240615-kw7ssavcmd
-
MD5
ada5c21676bbedc2d53858fba5d33702
-
SHA1
337498519c6b18cd4377deb3458b75c2d22deec5
-
SHA256
0c493a39761851a26d351a3258692fe144cf756097a4bd923a959e8795ad6c6c
-
SHA512
5bc026d2b9e6424d49d0e9c3a56ec3d383ada9476562c6c05a6fe0ded5f63e777413c452b6636882c917a7574070c7f5ad3fc3b6e7d17a56b74d58c6663bc27c
-
SSDEEP
6144:Kghwd46QVqqkwYm+f6kmd+PdTc3BZIKI1+OOxx3t09q+sEACKA1mPf:KgL6g//RoTUIL1ix3OwBnygf
Static task
static1
Behavioral task
behavioral1
Sample
Quotation_Request_Sheet_0089600090944833933.exe
Resource
win7-20231129-en
Malware Config
Extracted configuration (family / version as reported by the config parser; C2 endpoints follow)
nanocore
1.2.2.0
185.125.205.71:6789
omada1.ddns.net:6789
1e6a039e-ec2c-48e8-b50f-442df5e4a007
-
activate_away_mode
true
-
backup_connection_host
omada1.ddns.net
-
backup_dns_server
8.8.4.4
-
buffer_size
65535
-
build_time
2018-04-28T10:38:03.742178936Z
-
bypass_user_account_control
true
-
bypass_user_account_control_data
(empty — no value present in the extracted config)
-
clear_access_control
true
-
clear_zone_identifier
true (deletes the Zone.Identifier alternate data stream, i.e. the Mark-of-the-Web, from the dropped file)
-
connect_delay
4000
-
connection_port
6789
-
default_group
15 star
-
enable_debug_mode
true
-
gc_threshold
10485760 (10 MiB; shown by the parser in floating-point form)
-
keep_alive_timeout
30000
-
keyboard_logging
false
-
lan_timeout
2500
-
max_packet_size
10485760 (10 MiB; shown by the parser in floating-point form)
-
mutex
1e6a039e-ec2c-48e8-b50f-442df5e4a007
-
mutex_timeout
5000
-
prevent_system_sleep
true
-
primary_connection_host
185.125.205.71
-
primary_dns_server
8.8.8.8
-
request_elevation
true
-
restart_delay
5000
-
run_delay
0
-
run_on_startup
true
-
set_critical_process
true (process is flagged critical — if the flag is honoured, terminating the process may crash the host; clear it before killing the process during response)
-
timeout_interval
5000
-
use_custom_dns_server
false
-
version
1.2.2.0
-
wan_timeout
8000
Targets
-
-
Target
Quotation_Request_Sheet_0089600090944833933.exe
-
Size
437KB
-
MD5
700cedae278fb3092153285d13bafbfe
-
SHA1
8e291c02383b22a4baa40fe09fa9bccc8a21b689
-
SHA256
8397aac7952f0432c2aff655eb67d09f849e41389f00a663d6e8cb681f21c2dd
-
SHA512
99671a59e3a45b81a0ee557adb97360e02f51eb1c8d9830e4e16fe7a0c7cd171249d21c87777e215a5cdd6f4b3a8f3c1f864cbb1a209c55068774206b1604de3
-
SSDEEP
6144:n1UuE2wWm+f6hmQPUDQcFBZUKi1+OO7x3t0omda:4o1QmUB10x3ON
-
Drops startup file
-
Suspicious use of SetThreadContext
-