MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a0d414ed2ce9d1b3dd835c925c6f6eef95a4155141c50d1c65297c25b1bba0fc. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


NanoCore


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a0d414ed2ce9d1b3dd835c925c6f6eef95a4155141c50d1c65297c25b1bba0fc
SHA3-384 hash: 88884968ced158e0a99738e6e5fe904d518579568ca08cee38df18ddb6076479244c82e5110ae3d7b9d754b3f73ef63f
SHA1 hash: 318dc38149adb40dcf5166b5a73bd9954085f7f3
MD5 hash: 03cb706e2466192c3df2ba0ea9711a90
humanhash: colorado-carpet-timing-fifteen
File name:0759_08_07_20_REF3.pdf.zip
Download: download sample
Signature NanoCore
Create hunting rule
File size:447'869 bytes
First seen:2020-07-08 06:51:58 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 6144:b6YSYGL9SqjO4GZSv4UqAA6VThkb6CVuNp7ohTkTpbSagfRo4BJSYCepHr5q:b6TPp3cZO+kVTBCVS7ohTCZgZo4BSgg
TLSH D79423FC8A4220D5B1D473FD74F29E4EA025B2A6C1C9AD0B975F1F30EA91EE941254CB
Reporter abuse_ch
Tags:NanoCore nVpn RAT zip


Avatar
abuse_ch
Malspam distributing NanoCore:

HELO: ferrospg.com
Sending IP: 45.143.222.165
From: Sivakumar Vl [INDIA] <siva.kumar@vanguardlogistics.com>
Subject: REQUEST FOR QUOTE
Attachment: 0759_08_07_20_REF3.pdf.zip (contains "0759_08_07_20_REF3.exe")

NanoCore RAT C2:
wazzy.ddns.net:1716 (194.5.99.24)

Pointing to nVpn:

% Information related to '194.5.99.0 - 194.5.99.255'

% Abuse contact for '194.5.99.0 - 194.5.99.255' is 'abuse@inter-cloud.tech'

inetnum: 194.5.99.0 - 194.5.99.255
netname: INTER_CLOUD_SERVICES_RUSSIA
admin-c: ICTR1-RIPE
tech-c: ICTR1-RIPE
org: ORG-ICR2-RIPE
country: RU
status: ASSIGNED PA
mnt-by: inter-cloud-mnt
created: 2019-07-20T20:42:53Z
last-modified: 2020-07-04T13:20:18Z
source: RIPE

Intelligence

File Origin
# of uploads :
1
# of downloads :
102
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Adware.Slugin-6803969-0
Create hunting rule

PUA.Win.Adware.Slugin-6840354-0
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/a0d414ed2ce9d1b3dd835c925c6f6eef95a4155141c50d1c65297c25b1bba0fc/
Threat name:
Win32.Infostealer.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-07-08 06:53:07 UTC
AV detection:
25 of 29 (86.21%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=udkbj3jm5hi3hxmdlsjfy33o56k2ifkrihcq2hdfff6clmn3ud6a._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

NanoCore

zip a0d414ed2ce9d1b3dd835c925c6f6eef95a4155141c50d1c65297c25b1bba0fc

(this sample)

NanoCore

Executable exe f5cffd780367ce051b550f171bdac33d5a4eba0b12acfac1bcfa63669c94104b

  
Dropping
MD5 0757361cb0940d08653963807aaa496a
  
Dropping
NanoCore
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 f5cffd780367ce051b550f171bdac33d5a4eba0b12acfac1bcfa63669c94104b

Comments