MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a8c3d37226a81628b4647e17a2c8fed507505a2854ec3f7b7a28be5ecdae42f9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



NanoCore


Vendor detections: 3



SHA256 hash: a8c3d37226a81628b4647e17a2c8fed507505a2854ec3f7b7a28be5ecdae42f9
SHA3-384 hash: 4e5014d6030baeb0e9000c635196c6c0be5c14fc77998b96c407168fe07cf7b614a2495b6fffc3f7d48a54211a11ed86
SHA1 hash: 23d79b14f6d8687c9c3ce95dbc05f28054b309ae
MD5 hash: f6e251278680f0f2b52e9eda6edf2137
humanhash: lion-wisconsin-tango-jig
File name: Información confidencial de entrega Chile AD0AhFnh2020.arj
Signature: NanoCore
File size: 379'574 bytes
First seen: 2020-06-18 18:44:04 UTC
Last seen: Never
File type: arj
MIME type: application/x-rar
ssdeep: 6144:03skwNQ3DfwDfq91g9hAkhjMDiFdBTAfKrEf5kLWUIFT4f1mWs+zAEuELp:fkwf7q9C9BhjgiFrA+Ef5k0R4EWr04
TLSH: 2384236990514480AA4D2A7B6524EE27383BDE6311F37C36BDEC32370E6176D8B73857
Reporter: abuse_ch
Tags: arj COVID-19 NanoCore nVpn RAT


abuse_ch
Malspam distributing NanoCore:

HELO: dedicated.fco.pt
Sending IP: 151.236.46.67
From: ChilePost <no-reply@posta.hu>
Subject: Rv:Aviso de entrega
Attachment: Información confidencial de entrega Chile AD0AhFnh2020.arj (contains "Información confidencial de entrega Chile AD0AhFnh2020.exe")

NanoCore RAT C2:
duckmeat.duckdns.org:5626 (194.5.98.28)

Pointing to nVpn:

% Information related to '194.5.98.0 - 194.5.98.255'

% Abuse contact for '194.5.98.0 - 194.5.98.255' is 'abuse@inter-cloud.tech'

inetnum: 194.5.98.0 - 194.5.98.255
netname: Privacy_Online
descr: Longyearbyen, Svalbard und Jan Mayen
country: SJ
admin-c: RA9926-RIPE
tech-c: RA9926-RIPE
org: ORG-NFAS6-RIPE
status: ASSIGNED PA
mnt-by: inter-cloud-mnt
created: 2019-04-26T16:42:54Z
last-modified: 2020-03-13T23:11:55Z
source: RIPE

Intelligence


File Origin
# of uploads: 1
# of downloads: 72
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.AgentTesla
Status: Malicious
First seen: 2020-06-18 19:35:51 UTC
AV detection: 20 of 48 (41.67%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

NanoCore

arj a8c3d37226a81628b4647e17a2c8fed507505a2854ec3f7b7a28be5ecdae42f9 (this sample)

Dropping: NanoCore
Delivery method: Distributed via e-mail attachment

Comments