MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8f49fac76e84e9227d6caa2b99ff92bc037421248d255797191c30a0e5780ffa. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

NanoCore

Vendor detections: 3


SHA256 hash: 8f49fac76e84e9227d6caa2b99ff92bc037421248d255797191c30a0e5780ffa
SHA3-384 hash: 2421efdd5c0b85fbcc14bc811d14d4c679aba31221c098b558ba7d72fcf029696a9421cb5d1a8210de3a19dd7f1e9bff
SHA1 hash: ddab74d6c0ae9cf656f3db9e4649f62ebe0afd7d
MD5 hash: afbbf43f3bfe3c00e37af1fb53a10af9
humanhash: ten-table-bravo-yellow
File name: Swift Copy.arj
Signature: NanoCore
File size: 327'173 bytes
First seen: 2020-07-13 07:02:33 UTC
Last seen: Never
File type: arj
MIME type: application/x-rar
ssdeep: 6144:1qKU2fWAKF7Ada0tp7gX1K24qGgn0Qmzz1hwFDYi0rN6Z:1xhKF7AdVcV0Qm3kciHZ
TLSH: D16423363E2B7E8B30898A60A8971F8C632573B9D05FD35B6F15EDC7E2612020F69017
Reporter: abuse_ch
Tags: arj NanoCore nVpn RAT Santander


abuse_ch
Malspam distributing NanoCore:

HELO: host12.dnsforindia.com
Sending IP: 103.235.106.141
From: Banco Santander SA <accionista@santander.com>
Reply-To: sjrkintluea@gmail.com
Subject: Your beneficiary advice from Banco Santander SA branch/subsidiary
Attachment: Swift Copy.arj (contains "Swift Copy.exe")

NanoCore RAT C2:
185.165.153.26:1985

Hosted on nVpn:

% Information related to '185.165.153.0 - 185.165.153.255'

% Abuse contact for '185.165.153.0 - 185.165.153.255' is 'abuse@privacy-matters.co'

inetnum: 185.165.153.0 - 185.165.153.255
netname: PRIVACY_MATTERS
remarks: This prefix belongs to a VPN service provider.
remarks: We stand for freedom and privacy protection, therefore we don't log any user activities.
country: EU
admin-c: PMVS3-RIPE
tech-c: PMVS3-RIPE
org: ORG-PMVS1-RIPE
status: ASSIGNED PA
mnt-by: PM-MNT
created: 2019-10-18T12:14:26Z
last-modified: 2020-07-11T11:22:34Z
source: RIPE

Intelligence


File Origin
# of uploads: 1
# of downloads: 87
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.AgentTesla
Status: Malicious
First seen: 2020-07-13 07:04:04 UTC
AV detection: 17 of 29 (58.62%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  NanoCore
    arj 8f49fac76e84e9227d6caa2b99ff92bc037421248d255797191c30a0e5780ffa (this sample)
      Dropping
        NanoCore

Delivery method: Distributed via e-mail attachment

Comments