MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a95c61c471fe4910fce19a01f8ba9453a3ff2c048c20e291fa63908f7bf5775d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



NanoCore


Vendor detections: 3



SHA256 hash: a95c61c471fe4910fce19a01f8ba9453a3ff2c048c20e291fa63908f7bf5775d
SHA3-384 hash: 127e91c25b8f772c72fd9da860ff8d8941512f6bb951c8875c536f821f0b5bd7ef09b381de2ad563e946094faa0185f4
SHA1 hash: fda144eb56072adf1c8718b4fd1edee8d56175ed
MD5 hash: 84703a8856b60feffec3c6dcc6ff67bb
humanhash: massachusetts-alaska-papa-carpet
File name: RFQ Appendix A-G.pdf.arj
Signature: NanoCore
File size: 323'387 bytes
First seen: 2020-05-12 08:08:24 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 6144:tG43C5C/RLBKS+qP2ypavDpK07CG8gSy5EE5auGvwy7zx/fa6HIAEs4xLNFoj9:tG5CHKSl+DU0d+jEXw7xE1HoZ
TLSH: 4064231C6218D69BCCED22FC4AF147EA14F1E439B12A290C6E5DCB6F949B1830E5F593
Reporter: abuse_ch
Tags: arj NanoCore


abuse_ch
Malspam distributing NanoCore:

HELO: bcmcontrols.com
Sending IP: 37.49.230.220
From: Hani Bassem El Srouji <h.srouji@accsal.com>
Subject: RFQ- Design & Construction of the KIZAD- Abu Dhabi-Ready Mix Concrete
Attachment: RFQ Appendix A-G.pdf.arj (contains "RFQ Appendix A-G.pdf.exe")

NanoCore RAT C2:
sydney112.hopto.org:1007 (93.182.109.15)

Intelligence


File Origin
# of uploads: 1
# of downloads: 73
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2020-05-12 19:00:00 UTC
File Type: Binary (Archive)
Extracted files: 9
AV detection: 20 of 30 (66.67%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

NanoCore

zip a95c61c471fe4910fce19a01f8ba9453a3ff2c048c20e291fa63908f7bf5775d

(this sample)

  
Dropping: NanoCore
Delivery method: Distributed via e-mail attachment
