MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a951d844304c06484222488bf62b196e41ce910877e4e989543606a03aedcec1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


NanoCore


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a951d844304c06484222488bf62b196e41ce910877e4e989543606a03aedcec1
SHA3-384 hash: 00e928eacae63ba325196db4811a86b0db345cd7e0a437d427e084b8cb141b9b55317fe3306d8d808d15c4532faa3149
SHA1 hash: e32b2d28198e9bdbb52a0f7ceb30b09ce60ff067
MD5 hash: 24022dfe210e1d5930440d260bd222ba
humanhash: green-arkansas-uncle-burger
File name:DMX_Asia_Pte,pdf.zip
Download: download sample
Signature NanoCore
Create hunting rule
File size:347'182 bytes
First seen:2020-07-10 06:50:18 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 6144:PE5Dqde3y6HoqJr4XI2wGKKlYBXrXSSqT+UH+ZtNz6gwdUuTb0COmlP4IOUVn:ODqdeb7JrEfYtQT+LNEdV09mlwxqn
TLSH 72742371B0781BCA5255F5C89F1E0E5ED8C1A99BD084CAC492CA42965A33D31F4BFCDA
Reporter abuse_ch
Tags:NanoCore nVpn RAT zip


Avatar
abuse_ch
Malspam distributing NanoCore:

HELO: cpanel2.roimaxserver.com
Sending IP: 93.174.124.211
From: Lily Chang <sales@nitto.com.sg>
Subject: Offer Request
Attachment: DMX_Asia_Pte,pdf.zip (contains "DMX_Asia_Pte,pdf.exe")

NanoCore RAT C2:
billionaire.ddns.net:3734 (79.134.225.122)

Pointing to nVpn:

% Information related to '79.134.225.64 - 79.134.225.127'

% Abuse contact for '79.134.225.64 - 79.134.225.127' is 'abuse@your-vpn.network'

inetnum: 79.134.225.64 - 79.134.225.127
netname: YOUR_VPN_NETWORK
country: DE
remarks: ****************************************************
remarks: This subnet belongs to a VPN service provider.
remarks: We protect the right to privacy, which means
remarks: we don't log the activities of our users.
remarks: ****************************************************
admin-c: EH4074-RIPE
tech-c: YVN10-RIPE
status: ASSIGNED PA
abuse-c: YVN10-RIPE
org: ORG-YVN1-RIPE
mnt-by: AF15-MNT
created: 2019-07-19T18:26:38Z
last-modified: 2019-07-19T18:51:28Z
source: RIPE


Intelligence

File Origin
# of uploads :
1
# of downloads :
97
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.26176.ZipHeur.BadExt.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/a951d844304c06484222488bf62b196e41ce910877e4e989543606a03aedcec1/
Threat name:
ByteCode-MSIL.Backdoor.NanoCore
Create hunting rule
Status:
Malicious
First seen:
2020-07-10 05:45:17 UTC
AV detection:
22 of 48 (45.83%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=vfi5qrbqjqdeqqrcjcf7mkyznza45eiio7sotckugydkaoxnz3aq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

NanoCore

zip a951d844304c06484222488bf62b196e41ce910877e4e989543606a03aedcec1

(this sample)

NanoCore

Executable exe bfbb3994c6e4d6ae2d30921757d039e004d1f5274c314765e641bf111bc0dec7

  
Dropping
MD5 afd14de232371717b96865c8447ae630
  
Dropping
NanoCore
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 bfbb3994c6e4d6ae2d30921757d039e004d1f5274c314765e641bf111bc0dec7

Comments