MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 df438c4bbf20acdf17c9a267e7c26173a8d9155a477b752e7fd29e364d7e7c2f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



NanoCore


Vendor detections: 3



SHA256 hash: df438c4bbf20acdf17c9a267e7c26173a8d9155a477b752e7fd29e364d7e7c2f
SHA3-384 hash: 17c5a19e3e5e3d6d01204131fc133aba36538c0534e2d3b072dbf8b62e9306a6e987fd38ff5eecfd88d628910193b4a2
SHA1 hash: 594e83b935eeded9ad8c040cb0df0497daa28e6d
MD5 hash: 413436b0daebc27142fb8a7242e01717
humanhash: quiet-connecticut-happy-ink
File name: New-Inquiry 01052020.zip
Signature: NanoCore
File size: 414'337 bytes
First seen: 2020-05-01 12:50:23 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 6144:UEXHO64AKs/CLhn1qvIr/lz5CeBsWWBb4x6KxQ4LEJl7hvHQfKkbbNTJknQpKGqu:UEe6KsaLDDCosWWBbcH1ynslTJAqqtE
TLSH: 4894239F05BADCDED0C59953D409DE4F3CD64B22A210A5587298294EC33AF4FDA1BB0E
Reporter: abuse_ch
Tags: NanoCore nVpn RAT zip


abuse_ch
Malspam distributing NanoCore:

HELO: labex.net
Sending IP: 212.162.151.137
From: kamlesh kumar <kamlesh@labex.net>
Subject: Attention needed as per Order
Attachment: New-Inquiry 01052020.zip (contains "New-Inquiry 01052020.scr")

NanoCore RAT C2:
smartslaves.hopto.org:40007 (79.134.225.24)

Pointing to nvpn:

% Information related to '79.134.225.0 - 79.134.225.63'

% Abuse contact for '79.134.225.0 - 79.134.225.63' is 'abuse@anmaxx.net'

inetnum: 79.134.225.0 - 79.134.225.63
netname: BASEL-HOSTING-225-0
country: CH
admin-c: AM38880-RIPE
tech-c: AM38880-RIPE
status: ASSIGNED PA
mnt-by: AF15-MNT
created: 2016-04-17T00:42:52Z
last-modified: 2016-04-18T06:23:19Z
source: RIPE
remarks: abuse-c AIS166-RIPE
org: ORG-AGIS12-RIPE

Intelligence


File Origin
# of uploads: 1
# of downloads: 78
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2020-05-01 10:51:31 UTC
File Type: Binary (Archive)
Extracted files: 17
AV detection: 16 of 30 (53.33%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

NanoCore

zip df438c4bbf20acdf17c9a267e7c26173a8d9155a477b752e7fd29e364d7e7c2f (this sample)
Dropping: NanoCore
Delivery method: Distributed via e-mail attachment
