nanocore | 517f321c489f68449571c735e9c1cbae5d3241a6872972b687be97d2b5d04903

Sharing

Copy URL

Twitter E-mail

General

Target

NanoCore 1.2.2.0_Fixed_Cracked By Alcatraz3222.zip
Size

10.1MB
Sample

240805-d1l9bazbrd
MD5

1333e9bdcacf242b919d892883e8562a
SHA1

457dad60c79fdc637e2ba53c6a993ae48073d0a8
SHA256

517f321c489f68449571c735e9c1cbae5d3241a6872972b687be97d2b5d04903
SHA512

7d64aec16605e82e865bb48d87ab6d8eae815ed2aaa836b5fb817d3220ad0ebb9f564148ab23b374bbc268f404765f2cd99e53859fe27d73f73b66616317e5ff
SSDEEP

196608:uwAF2RqmtB/JR7WXFvDfZEdy5DoyRc8HIDftjc5e6sajAwkr+T58FezFc0J:uwAgLBOFLfZEdwoyRLoDa5zN4izF3

Score

10^/10

Malware Config

Targets

- Target
  
  NanoCore 1.2.2.0_Fixed_Cracked By Alcatraz3222.zip
- Size
  
  10.1MB
- MD5
  
  1333e9bdcacf242b919d892883e8562a
- SHA1
  
  457dad60c79fdc637e2ba53c6a993ae48073d0a8
- SHA256
  
  517f321c489f68449571c735e9c1cbae5d3241a6872972b687be97d2b5d04903
- SHA512
  
  7d64aec16605e82e865bb48d87ab6d8eae815ed2aaa836b5fb817d3220ad0ebb9f564148ab23b374bbc268f404765f2cd99e53859fe27d73f73b66616317e5ff
- SSDEEP
  
  196608:uwAF2RqmtB/JR7WXFvDfZEdy5DoyRc8HIDftjc5e6sajAwkr+T58FezFc0J:uwAgLBOFLfZEdwoyRLoDa5zN4izF3
Score

1^/10
behavioral1 behavioral2
- Target
  
  NanoCore 1.2.2.0_Fixed_Cracked By Alcatraz3222/ClientPlugin.xml
- Size
  
  9KB
- MD5
  
  5d0381a56563b1ca8928e3cf087f1625
- SHA1
  
  9c9f15ec3bf3f91fae6f327df558d335f790ce3b
- SHA256
  
  0497b92461c2a9ce3101d9397fb3079f60979164336a16653d282273d3085bcc
- SHA512
  
  594de3e1313255902524d11b3d7a89d35b2db2713d01f7e725cecc5959227f18ca856059932b809be420bebd478199d48303a71b66fc3e48d835dcac133d3d04
- SSDEEP
  
  192:E5cL6liTydwvbFO+y2dbEBhVR6SHaP0sJjpCZUV1:ocLBeKw+y/BfASHo0uF7j
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  NanoCore 1.2.2.0_Fixed_Cracked By Alcatraz3222/Databases/core.sqlite
- Size
  
  3KB
- MD5
  
  3732df3263fbaa868bb866bcca1f402c
- SHA1
  
  f247dc7dfea7bcbb69116920d48af2dabf85b444
- SHA256
  
  716d9992711b5b17eca841836ba5a63db0a62251bd056a92db96deccfa887b41
- SHA512
  
  bb99cfe2be9488c6d7e57991b2bbc4e593ade8c8d2c79e4b7056ec5be60fd5e0b88467f65dca71c269540b800f0c3319e4e849e7e77069a6e9b1b89a2d4807fd
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  NanoCore 1.2.2.0_Fixed_Cracked By Alcatraz3222/Databases/geolocation.sqlite
- Size
  
  1.9MB
- MD5
  
  0e8d861cddede3a0b2b02cfc0b060b99
- SHA1
  
  728c1f00d7394c18b09536ca1c10124113ca3b87
- SHA256
  
  11bd851d8994d3ca9d078144679aa2dc06841addd0947b8fa8ad36758bdecf7a
- SHA512
  
  b1a5df8dcbb15826bb10265543f383348160a9f2fe3cd08ad2ea9bc277a8fafe5d7fc8bf99a11b543ebe704de9fe064b3d872526ef03b9027f0dc81a47d00660
- SSDEEP
  
  24576:b1z6MdA3TIjCeq77S4xFzYeJkPFTsWh7RTRYFQEp:b1z7A3MsuQcT5xR9Iv
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  NanoCore 1.2.2.0_Fixed_Cracked By Alcatraz3222/Databases/network.sqlite
- Size
  
  5KB
- MD5
  
  6978532802ded7b494a7217e0cdda8a4
- SHA1
  
  70a4239a69c2dcc38689a95f35bcfbff74c73b77
- SHA256
  
  418e070cb49cad847066a8166c26843d8b29210963f4379b9218969415a3326a
- SHA512
  
  ffd78433e0710684dbb9df606a91dc6efbb0d663aa36199dfbfa1c3645ce1697fb6012620c28fedc87f7aed80d51c5bb4ca78fe5093a26f78fe1320571720465
- SSDEEP
  
  12:HLykD5FAg9Gjiagk2mK5avVxsiLC9l37mz4WA9G88PkaGWWEg6:ryU5F4jiTk2xmG37cWwb8Yg
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  NanoCore 1.2.2.0_Fixed_Cracked By Alcatraz3222/NanoCorex.exe
- Size
  
  5.5MB
- MD5
  
  86e969198fa021717306f6e1fa91f548
- SHA1
  
  8ff9dc70c623824f91c75af4a4a57b62cea0f0b3
- SHA256
  
  5d66f49d642c092195beca3500408edd09409fefc65284ec3f69a8454dc3dfa7
- SHA512
  
  36d9d1a468575aa2a76c486a61fa430eae095f5ec24c75915523b758339d00844b5695665101740cce1c3cc61ed3bf8014d623a02feddfbd06cfa2db06761f0e
- SSDEEP
  
  98304:TJnZwQ8/VAQRxdsPKJ/lRM/oO3FX5Tz1m2HK1LtKfDAy9Yi7O+Kx:TJWQ8/GQDd3JjPOVXRzPHGL4fDAy9Yiq
Score

10^/10

xmrig defense_evasion discovery evasion miner persistence privilege_escalation
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner payload
  miner
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Indicator Removal: Clear Persistence
  Clear artifacts associated with previously established persistence like scheduletasks on a host.
  defense_evasion
- Drops file in System32 directory
behavioral11 behavioral12
- Target
  
  NanoCore 1.2.2.0_Fixed_Cracked By Alcatraz3222/PluginCompiler.exe
- Size
  
  75KB
- MD5
  
  e2d1c5df11f9573f6c5d0a7ad1a79fbf
- SHA1
  
  b32bf571aca1b51af48f7f2f955aaf1bbdc5aa2f
- SHA256
  
  0b41b2fcd0f1a4e913d3efe293f713849d59efebb27bac060ab31bed51ac2f6b
- SHA512
  
  9c9ae7baa504dd34311f5730280f6a49e10eefdb145d2d29849e385a7da47c8f2c182cd6f39949f5904ef8462fc5c3dfaf1bc4cc8bff50c6750c9edc886192e0
- SSDEEP
  
  1536:iyVzgm8NqToL6n975lw8FDx39EhPKu4iV1Y:iyVMLUTos5SAx3ChPKpiVe
Score

1^/10
behavioral13 behavioral14
- Target
  
  NanoCore 1.2.2.0_Fixed_Cracked By Alcatraz3222/Plugins/ManagementPlugin.ncp
- Size
  
  300KB
- MD5
  
  b612c2c9a6d361a5db14c04ba126119c
- SHA1
  
  d2b29e235b0f45242088b78313438bdfd51209dc
- SHA256
  
  b86fe4e126a9748a383a34d615b9598c715f2380c0aad957495c66923902026c
- SHA512
  
  194d4688935235f3ca686868c9ff53c7945d4e076d4a51fdcbc254bfa1461494766480794c65715bce314256c7cc5268bd6547c937984d3010f54f5a3db4ba9c
- SSDEEP
  
  6144:auy9l52Cg/8C/OBFAhL01/qR2UJ2Jdd/FK3bCr6dVqZaUyBn:Dy9XYviaVU7UJ2JdddKLLmZaUyBn
Score

3^/10

discovery
behavioral15 behavioral16
- Target
  
  NanoCore 1.2.2.0_Fixed_Cracked By Alcatraz3222/Plugins/MultiCore.ncp
- Size
  
  236KB
- MD5
  
  becb82e1e914e906be158e3f9dd658ac
- SHA1
  
  725d3d658680ca8dcb610d998db4b28733b5ee52
- SHA256
  
  5494adf651fc64e3aa6c08e38165d8dbfec52056cdf4fadae90b76b0e6816a33
- SHA512
  
  1d67e7d5686ea225262501afb572bec23e35bbd33c660a57e84b9cad7adfadbe457b128af0059ac705d53c6b65798f5525fe4ed3c16537b0c085414cdca74174
- SSDEEP
  
  3072:FAqJZuZc6UvgoULCuDWmX3V7/ML69L78zoUN26XmyID1mUTeWX/AVyUyOo:nJ8CmXh/Mu93Q2emDmUtGDyOo
Score

3^/10

discovery
behavioral17 behavioral18
- Target
  
  NanoCore 1.2.2.0_Fixed_Cracked By Alcatraz3222/Plugins/NanoBrowser.ncp
- Size
  
  102KB
- MD5
  
  8b13fdc96af0a84c152f5a601dcc6b06
- SHA1
  
  1250db70fda8a2c32f37bbdc5638074c6dc171a7
- SHA256
  
  997c41b05150480bcfae9abb3132fc807f6c6b511b810b554fdb5aedf89f5db0
- SHA512
  
  536d4e1b9e7c95ebac762d0a438106a5409c69e990940d3411709364783f957015d4a5dc0651b33591e37dcda8549e689a87b853e32f3ad065391a2d8190a552
- SSDEEP
  
  3072:HIj2Isbk7up2mUG11AeEmELUCEVlmcE+UG1f18k9cynq:HxI6kqpF1DvEgCEVlLE+H1D9cKq
Score

3^/10

discovery
behavioral19 behavioral20
- Target
  
  NanoCore 1.2.2.0_Fixed_Cracked By Alcatraz3222/Plugins/NanoNana.ncp
- Size
  
  157KB
- MD5
  
  c5d40b767bd6b97f88ccce13956d0ad8
- SHA1
  
  ef7f7fdd9d5ea0b55ffbb17c171ee6a46b347100
- SHA256
  
  a3c39444ac74bb91f14f3f2ae6918d9b1d368268e137aca310450fefbc8983aa
- SHA512
  
  3fcb5a6afdc7de59bac645d8b4dc6368b0405a51985ff86c95fc8cd579bd59bc423cab940dc0ab3de9a0cd0d9e04dad82e380ef18030330d72b2e72936a95ee1
- SSDEEP
  
  3072:LAZbhTaGeC1gufrNv6UDKBK2vUULaC5XnEYW4tb:LAZtjxp97yH8UW2Ew5
Score

3^/10

discovery
behavioral21 behavioral22
- Target
  
  NanoCore 1.2.2.0_Fixed_Cracked By Alcatraz3222/Plugins/NanoStress.ncp
- Size
  
  117KB
- MD5
  
  ba6f59df971d6db7a8951edbd5d6691b
- SHA1
  
  ed766de1fb4ab0889b3fbc8127f1393eb3cddc15
- SHA256
  
  6b33a572e019266749a3e04966e2c57822e247c5197f6f9bd6a4bb8792633581
- SHA512
  
  bbd50d7cb2b2799055b8864da3d3d6037bbac41312ce8582c4627611ef856ae38ecff67dc4223e236d1b555bf02a7c0c7284a76ab90007621a2f2997b6bc5dd2
- SSDEEP
  
  3072:kii5Kf19IhewHVavQAYCtajX1ctI3CN1070xa6hqNZpjiy:kHIf1rwH1AZtQX1R361za6Ufp+y
Score

3^/10

discovery
behavioral23 behavioral24
- Target
  
  NanoCore 1.2.2.0_Fixed_Cracked By Alcatraz3222/Plugins/SecurityPlugin.ncp
- Size
  
  74KB
- MD5
  
  44bd68199bb393d0eeb7ae83b56d9b9f
- SHA1
  
  c6cfa069a17ace16c651a11945bd54f4ca6193d1
- SHA256
  
  25b1b0836838740d394cd35eaefc660e9eabeb611a701a451eb1119f6427fc12
- SHA512
  
  a02b82e40f66dc925de3324c03e8a0a497bfdb6ed44549001efbf86f2e5381aaf9259978908cce9ecc7798f083d3691f007b207ea301a9dc73f2430662146bb4
- SSDEEP
  
  1536:LfZUCqgFkjWvhlnC9yQv+lyjchdSY1J+XElJyuyQvnEM:EWkSrnC9yW+lyjcfSU+QA0EM
Score

3^/10

discovery
behavioral25 behavioral26
- Target
  
  NanoCore 1.2.2.0_Fixed_Cracked By Alcatraz3222/Plugins/SurveillancePlugin.ncp
- Size
  
  352KB
- MD5
  
  ed3edf12bac989d1dd6edf7146feb805
- SHA1
  
  776a667bf2341b43e199c3601856ac223b86d221
- SHA256
  
  3301f9fd4700458a18589956fd2bb6e5101b15c14f52d5e079ae1c3a008da040
- SHA512
  
  e6873a5d1caada8954907bdb3120aa2c60a4137fb9d04abdbb74ade58f35ada1ff87a447cf6a35f5798dbd0e1e0ed813d62e34d98de8d6402b6432746aa80413
- SSDEEP
  
  6144:HYC1gTVmvsTgdkhI85gV8e3Hs10ECDNn7fg5EvFMcakidUlqB5HFMKmJ:4/wvwWkyMMj3Hs16Zfg5qMPk2wKHFXa
Score

3^/10

discovery
behavioral27 behavioral28
- Target
  
  NanoCore 1.2.2.0_Fixed_Cracked By Alcatraz3222/Plugins/VisibleMode1.1.ncp
- Size
  
  49KB
- MD5
  
  37c2ef6e5214600396ee87c4168a5664
- SHA1
  
  69b6e1f612f5a3435fab05074cffd3ebd1c232fa
- SHA256
  
  4a8d45e13a38c502a3109d2ea17a81905fb9eabbf643ae611b62f62ef11f09b2
- SHA512
  
  667ad370f48470d60dbd437b0601eb05de421ab59b281adcf9c6f54b9c6fd272d3aa34c35e7e6df889771dc5fbdfa9bc683a4bf156727827595edf6eb2fe8cab
- SSDEEP
  
  768:dLj3mCeisGk1OgO42M17H4y8DjLB1uzGLLwKS3oWXq3zZIHae35q+7ZjEC7yv3s+:t3IGk1PxiyHzGwgNq6e3z7Zo1v8ra
Score

3^/10

discovery
behavioral29 behavioral30
- Target
  
  NanoCore 1.2.2.0_Fixed_Cracked By Alcatraz3222/Resources/Audio/notify.wav
- Size
  
  45KB
- MD5
  
  832a3652fd780edcdb2439ec33532c0d
- SHA1
  
  f0754ee6519d77700f5ee5b744b8c99386d7b577
- SHA256
  
  45f4136e58a5f749d125d2ab54308f81954d2c5b364b66013660a6c358845d1e
- SHA512
  
  3b3b55afcdfa00d9b7085b20ed52a7b4d8b7d403f5d0d1c539781db1a20257efd8c856e19b8f32ea33766a580690b498ff063849519691a9a4cbbcd3e9447cd4
- SSDEEP
  
  768:QVPqefmaP5C3KduJn13jSHYHzIcr6DPW75Pvi3Fy5NQbIbhuJLA+LhDclY3Rp6:yP1mU5GlJnBS4TIQ6o163ofQ8b4Pfm
Score

6^/10

discovery
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral31 behavioral32