General
-
Target
Nanocore.exe
-
Size
1.5MB
-
Sample
230324-2jy4jshg69
-
MD5
18cc0a0c22f147a3e4bf9c55777b4f22
-
SHA1
f0b3b4fd6287b463055ddd9fe75b528559feaef7
-
SHA256
1c90851dce5ace39a0926588f0034e99d3bae32dea2578b68bdb1add7c9508e1
-
SHA512
efc01522d816d7a770c4e7a379caf00b81a43f24db313dcc3cd1ec5c32117dce4b4ebba2f1db210abb6dc659e18b3a74045f584f413dd620e0e83a6dea45b47e
-
SSDEEP
24576:yKWAN/6zZxEhXMV6ISdu+0TVc4SEltlYKwIPapqBwKYp9cHD2iYUdhwB/QqWJXpF:yhAN/6z3E9MV6ISdulTVcQ0IlYLcHD9v
Static task
static1
Behavioral task
behavioral1
Sample
Nanocore.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
xworm
considered-arrest.at.ply.gg:19159
-
install_file
USB.exe
Targets
-
-
Target
Nanocore.exe
-
Size
1.5MB
-
MD5
18cc0a0c22f147a3e4bf9c55777b4f22
-
SHA1
f0b3b4fd6287b463055ddd9fe75b528559feaef7
-
SHA256
1c90851dce5ace39a0926588f0034e99d3bae32dea2578b68bdb1add7c9508e1
-
SHA512
efc01522d816d7a770c4e7a379caf00b81a43f24db313dcc3cd1ec5c32117dce4b4ebba2f1db210abb6dc659e18b3a74045f584f413dd620e0e83a6dea45b47e
-
SSDEEP
24576:yKWAN/6zZxEhXMV6ISdu+0TVc4SEltlYKwIPapqBwKYp9cHD2iYUdhwB/QqWJXpF:yhAN/6z3E9MV6ISdulTVcQ0IlYLcHD9v
Score10/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-