MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 83df743a1cc34b1e556293d1e23996ee1035e8ba78c3c2c4827e59bf491e1732. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


NanoCore


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 83df743a1cc34b1e556293d1e23996ee1035e8ba78c3c2c4827e59bf491e1732
SHA3-384 hash: e087d6e2281b8ceca847cd394972c52100373ff88fca63f2e8b4ea561ef6780b2228d10ddb630d16a0c614c3f902c975
SHA1 hash: 95a796bd5e6150441d6afe02ec9169d22b0393f6
MD5 hash: 7526a715a850893158a905de3615ebb3
humanhash: neptune-summer-skylark-item
File name:phorncha ltd 05-11-2020 .xz
Download: download sample
Signature NanoCore
Create hunting rule
File size:298'873 bytes
First seen:2020-05-11 12:50:08 UTC
Last seen:Never
File type: xz
MIME type:application/x-rar
ssdeep 6144:oS2FOKpyPoE6USKetxPyjyp/c8zt4s9ajMl40IGFyUA9F0fEBzY5OBUrtOL:AOKpyP4HbZ0YmsYKjIGFvAfHM4BUrtI
TLSH F35423FAD2B2DBA93E57DC751F8A09DCB2EC6180C7A8B10575F8A0C89014B7DA5607F4
Reporter abuse_ch
Tags:NanoCore nVpn Outlook RAT xz


Avatar
abuse_ch
Malspam distributing NanoCore:

HELO: APC01-PU1-obe.outbound.protection.outlook.com
Sending IP: 104.47.126.57
From: preecha klacharoensombat <esc_002@hotmail.com>
Subject: Quotation for May (month) PO--4829848430
Attachment: phorncha ltd 05-11-2020 .xz (contains "phorncha ltd 05-11-2020 .exe")

NanoCore RAT C2:
185.244.29.248:10011

Hosted on nVnpn:

% Information related to '185.244.29.0 - 185.244.29.255'

% Abuse contact for '185.244.29.0 - 185.244.29.255' is 'abuse@gerber-edv.net'

inetnum: 185.244.29.0 - 185.244.29.255
netname: GERBER-NETWORK
descr: Wonsan, Kangwon-do
descr: Choson Minjujuui Inmin Konghwaguk
country: KP
admin-c: GN5022-RIPE
tech-c: GN5022-RIPE
org: ORG-GN148-RIPE
status: SUB-ALLOCATED PA
mnt-by: GERBER-MNT
created: 2018-01-31T19:41:57Z
last-modified: 2020-04-06T22:16:40Z
source: RIPE

Intelligence

File Origin
# of uploads :
1
# of downloads :
81
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-05-11 13:36:16 UTC
File Type:
Binary (Archive)
Extracted files:
7
AV detection:
17 of 48 (35.42%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=qppxioq4ynfr4vlcspi6eomw5yidl2f2pdb4frecpzm36si6c4za._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

NanoCore

xz 83df743a1cc34b1e556293d1e23996ee1035e8ba78c3c2c4827e59bf491e1732

(this sample)

NanoCore

Executable exe 080a6fbf91637b683b6f363092f9b7d6e75b8442c6f9df32ffea0788e16fafdf

  
Dropping
MD5 dba3c8e9dde9dd0df134d08192e2d917
  
Dropping
NanoCore
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 080a6fbf91637b683b6f363092f9b7d6e75b8442c6f9df32ffea0788e16fafdf

Comments