MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b516cf5284b513468c4df2702eab88d4c5d75e926246e97dc61ee8696716c39d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


NanoCore


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b516cf5284b513468c4df2702eab88d4c5d75e926246e97dc61ee8696716c39d
SHA3-384 hash: 77091becbcd732ca2db20bd8e54109ae3166f15d4b713cc3e6b555ff439b519e2957ebd4c91a9bdfdbd6100dd478014a
SHA1 hash: 4a88a1317edd0b467deb0fee81c4bd90024c2cab
MD5 hash: d481a1dbc48aa308af16897fb3a0613f
humanhash: harry-nevada-jupiter-lamp
File name:PO-bepan420429.r11
Download: download sample
Signature NanoCore
Create hunting rule
File size:301'550 bytes
First seen:2020-05-11 08:23:39 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 6144:r892wzcuzBz6caeKY9gUMru6zWy3b4mV4tNAYKyiY5dfSYYcoc39C:ZWTfKT/2y3hlqd5dflYc73M
TLSH 805423E3B5B040D4AA1C23C9379FC6BBA8F11A028B1554AFF75D8E725E96F04F0A450E
Reporter abuse_ch
Tags:NanoCore r11


Avatar
abuse_ch
Malspam distributing NanoCore:

HELO: vps.dpcitqlia.com
Sending IP: 45.95.169.77
From: Julie Yang <ju.yang@beaulieuasia.com>
Subject: RE: RFQ (bealieu/Pando Order)
Attachment: PO-bepan420429.r11 (contains "PO-bepan420429.exe")

NanoCore RAT C2:
79.134.225.94:9124

Hosted on nVpn:

% Information related to '79.134.225.64 - 79.134.225.127'

% Abuse contact for '79.134.225.64 - 79.134.225.127' is 'abuse@your-vpn.network'

inetnum: 79.134.225.64 - 79.134.225.127
netname: YOUR_VPN_NETWORK
country: DE
remarks: ****************************************************
remarks: This subnet belongs to a VPN service provider.
remarks: We protect the right to privacy, which means
remarks: we don't log the activities of our users.
remarks: ****************************************************
admin-c: EH4074-RIPE
tech-c: YVN10-RIPE
status: ASSIGNED PA
abuse-c: YVN10-RIPE
org: ORG-YVN1-RIPE
mnt-by: AF15-MNT
created: 2019-07-19T18:26:38Z
last-modified: 2019-07-19T18:51:28Z
source: RIPE


Intelligence

File Origin
# of uploads :
1
# of downloads :
79
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.27572.Rar5Heur.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Grp
Create hunting rule
Status:
Malicious
First seen:
2020-05-11 08:36:51 UTC
File Type:
Binary (Archive)
Extracted files:
7
AV detection:
24 of 48 (50.00%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=wulm6uuewujundcn6jyc5k4i2tc5oxusmjdos7ogd3ugszywyooq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

NanoCore

rar b516cf5284b513468c4df2702eab88d4c5d75e926246e97dc61ee8696716c39d

(this sample)

NanoCore

Executable exe edcb83c2513c6e0fe97acdc22e09a32b49dd85e00fba056b20dc8f168b488929

  
Dropping
MD5 b43b9eb8e5cd7a1b999f32776289035b
  
Dropping
NanoCore
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 edcb83c2513c6e0fe97acdc22e09a32b49dd85e00fba056b20dc8f168b488929

Comments