MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 405451a0d246bb8788fcaec9c3db727a6c2e2b6a01ce77216cf27464825f6937. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



NanoCore


Vendor detections: 2



SHA256 hash: 405451a0d246bb8788fcaec9c3db727a6c2e2b6a01ce77216cf27464825f6937
SHA3-384 hash: 20e62fd9ed042aee7b379408aa2cc967ca86ee8967831bfa1ad00c34d4b79272c3a59a722860c09806488060b28b0403
SHA1 hash: eb368dfa861d472df676f9524b3770e4a0156c3a
MD5 hash: 5b6e16713bf1932d9bb42d53707b733f
humanhash: fourteen-alaska-nevada-august
File name: Folha de dados de cotação para nossa empresa doc.arj
Signature: NanoCore
File size: 305'373 bytes
First seen: 2020-07-03 18:01:46 UTC
Last seen: Never
File type: arj
MIME type: application/x-rar
ssdeep: 6144:oABA+QqoO/Z4WkMcxGOS5y+FRE+ZaQrWtmrQ4F9r0uqoOykvKm:tBElO1+S5vTayWYEi0ZoOB
TLSH: 5654220A5F88211C59AF1AD498372DC5D07F67056EBF622FA38DA5B43B01270D9ADE23
Reporter: abuse_ch
Tags: arj NanoCore nVpn RAT


abuse_ch
Malspam distributing NanoCore:

HELO: zita.lobocom.es
Sending IP: 213.162.200.38
From: João Marques <geral@bidakis.com>
Subject: RE: Cotação - Transitex
Attachment: Folha de dados de cotação para nossa empresa doc.arj (contains "Folha de dados de cotação para nossa empresa doc.exe")

NanoCore RAT C2:
24thmatch2020.duckdns.org:5626 (194.5.98.28)

Pointing to nVpn:

% Information related to '194.5.98.0 - 194.5.98.255'

% Abuse contact for '194.5.98.0 - 194.5.98.255' is 'abuse@inter-cloud.tech'

inetnum: 194.5.98.0 - 194.5.98.255
netname: Privacy_Online
descr: Longyearbyen, Svalbard und Jan Mayen
country: SJ
admin-c: RA9926-RIPE
tech-c: RA9926-RIPE
org: ORG-NFAS6-RIPE
status: ASSIGNED PA
mnt-by: inter-cloud-mnt
created: 2019-04-26T16:42:54Z
last-modified: 2020-03-13T23:11:55Z
source: RIPE

Intelligence


File Origin
# of uploads: 1
# of downloads: 93
Origin country: n/a
Vendor Threat Intelligence
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

NanoCore

arj 405451a0d246bb8788fcaec9c3db727a6c2e2b6a01ce77216cf27464825f6937 (this sample)

Dropping: NanoCore
Delivery method: Distributed via e-mail attachment
