MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 82dca3cfbc3ee8fbb43ce3ff02a66cc676dd2592804f56f41d6cd173726191e4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


NanoCore


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 82dca3cfbc3ee8fbb43ce3ff02a66cc676dd2592804f56f41d6cd173726191e4
SHA3-384 hash: b8d26848b58e3e84c2cf5083cc51ba0183a6284bd1200982d4e99e30ce626f7c570e2061284d4d0e38cb7bce34682e3c
SHA1 hash: bf7100dd5856c5d82b7b97545cf7c1c780e9b29b
MD5 hash: e8514befcc1a98ce9062068d43c08261
humanhash: oklahoma-nevada-kilo-quebec
File name:RFQ052020.arj
Download: download sample
Signature NanoCore
Create hunting rule
File size:1'315'544 bytes
First seen:2020-05-20 06:51:59 UTC
Last seen:Never
File type: arj
MIME type:application/x-rar
ssdeep 24576:ymHTJU6NXnHOqdcoAto6XomRHT2EIwmyvuTmC8oj5+syw1LGP2Zx:BHdU6NXnHOicoAtJX3RHLIwLm5+sRLGa
TLSH 635523D378FC32BD566386BBD794EB016284CB0B7D0D0C11F93D66B36629352A92CA25
Reporter abuse_ch
Tags:arj NanoCore nVpn RAT


Avatar
abuse_ch
Malspam distributing NanoCore:

HELO: sanyuktaguptea.pw
Sending IP: 173.82.232.171
From: Aashish Singh <info@sanyuktaguptea.pw>
Reply-To: alauddiinns@gmail.com
Subject: Quotation Request
Attachment: RFQ052020.arj (contains "RFQ052020.exe")

NanoCore RAT C2:
185.244.29.132:1985

Hosted on nVpn:

% Information related to '185.244.29.0 - 185.244.29.255'

% Abuse contact for '185.244.29.0 - 185.244.29.255' is 'abuse@gerber-edv.net'

inetnum: 185.244.29.0 - 185.244.29.255
netname: GERBER-NETWORK
descr: Wonsan, Kangwon-do
descr: Choson Minjujuui Inmin Konghwaguk
country: KP
admin-c: GN5022-RIPE
tech-c: GN5022-RIPE
org: ORG-GN148-RIPE
status: SUB-ALLOCATED PA
mnt-by: GERBER-MNT
created: 2018-01-31T19:41:57Z
last-modified: 2020-04-06T22:16:40Z
source: RIPE

Intelligence

File Origin
# of uploads :
1
# of downloads :
73
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-20 07:36:40 UTC
File Type:
Binary (Archive)
Extracted files:
12
AV detection:
17 of 48 (35.42%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=qlokht54h3upxnb44p7qfjtmyz3n2jmsqbhvn5a5ntixg4tbshsa._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

NanoCore

arj 82dca3cfbc3ee8fbb43ce3ff02a66cc676dd2592804f56f41d6cd173726191e4

(this sample)

NanoCore

Executable exe 19dcafec37ae1784254a1e687c89f28f211b833a8ed7c5437db9443c5f51336c

  
Dropping
MD5 6b1d55e0199b6c580c72119c108efb54
  
Dropping
NanoCore
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 19dcafec37ae1784254a1e687c89f28f211b833a8ed7c5437db9443c5f51336c

Comments