MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 075b25cc955f59a7d4fffc47aafed8bdd1cccb605c940ad75a59cf789970df31. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: NanoCore
Vendor detections: 3



SHA256 hash: 075b25cc955f59a7d4fffc47aafed8bdd1cccb605c940ad75a59cf789970df31
SHA3-384 hash: 24dec2d78e1aace334015c7f2d98ee20955132dc9b7955df4fd3181aee5309f6a43c5e317baad4af1793a445d1889c68
SHA1 hash: 5c750d5c134d32b5ae18ed8af8e4c12b82965f58
MD5 hash: 58519614f2e7377f0d39498efa8b9440
humanhash: maine-october-oklahoma-princess
File name: RFQ.05132020..gz
Signature: NanoCore
File size: 807'369 bytes
First seen: 2020-05-13 11:09:19 UTC
Last seen: Never
File type: gz
MIME type: application/x-rar
ssdeep: 12288:f7JV4uGIKFcrk59TYZM1kVkxBQJauhgQteqFmEoFU2pnGyxbAOKwmeG:0uNrgtYZifGayBeqAEwUgwOi
TLSH: 190533932794DC2DC4452CFB1F80A2A31DD41EF027CB6AB6696CAC9B4F4486711FE86D
Reporter: abuse_ch
Tags: gz NanoCore nVpn RAT


Comment by abuse_ch:
Malspam distributing NanoCore:

HELO: gree.com
Sending IP: 173.82.173.31
From: info<wyatt@washingtonpost.com>
Reply-To: alauddiinns@gmail.com
Subject: Request of machine .& Parts quotation #PO#0010710619_&_PO#002071019
Attachment: RFQ.05132020..gz (contains "RFQ.gz.exe")

NanoCore RAT C2:
185.244.29.132:1985

Hosted on nVpn:

% Information related to '185.244.29.0 - 185.244.29.255'

% Abuse contact for '185.244.29.0 - 185.244.29.255' is 'abuse@gerber-edv.net'

inetnum: 185.244.29.0 - 185.244.29.255
netname: GERBER-NETWORK
descr: Wonsan, Kangwon-do
descr: Choson Minjujuui Inmin Konghwaguk
country: KP
admin-c: GN5022-RIPE
tech-c: GN5022-RIPE
org: ORG-GN148-RIPE
status: SUB-ALLOCATED PA
mnt-by: GERBER-MNT
created: 2018-01-31T19:41:57Z
last-modified: 2020-04-06T22:16:40Z
source: RIPE

Intelligence

File Origin
# of uploads: 1
# of downloads: 75
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-13 11:36:49 UTC
File Type: Binary (Archive)
Extracted files: 27
AV detection: 15 of 31 (48.39%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  NanoCore
    gz 075b25cc955f59a7d4fffc47aafed8bdd1cccb605c940ad75a59cf789970df31 (this sample)
      Dropping: NanoCore

Delivery method: Distributed via e-mail attachment

Comments