General
-
Target
NanoCore_Portable (2).exe
-
Size
6.5MB
-
Sample
230324-23s2mshh67
-
MD5
0fc29b0b1e97b719e9aeac74d08470ab
-
SHA1
307db48028ec6f9869f80d3de3ec7bfbbf18a33a
-
SHA256
40efa0ccacc28f418702a80cbfc1623ed3e7ba5fc03d84a71aedeed615d80da1
-
SHA512
3ea091b5508d42075c79c74681d59a6dad9a4a8aa617138798c889d6eec9fcbe8bf7d7bdbfac40ee7ca6d055a138dc6b9524c706bde847712185c2b34e2b9d15
-
SSDEEP
196608:2/LjS66hJNQ3WgJMI4iomAgS7yl4FV5TQf7GnL4yw1oYYKI5x:2aBfNQGgj4imzQ4FVw7GLpA1I5
Static task
static1
Malware Config
Extracted
xworm
considered-arrest.at.ply.gg:19159
-
install_file
USB.exe
Targets
-
-
Target
NanoCore_Portable (2).exe
-
Size
6.5MB
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-