MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ee0c29240de5aace777301d74b57e47283068d302535c5512a8e2b21314cd6b8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



NanoCore


Vendor detections: 3



SHA256 hash: ee0c29240de5aace777301d74b57e47283068d302535c5512a8e2b21314cd6b8
SHA3-384 hash: 96e38e9bfaa2da2ecbb5b81444f982c0324e7f198cca2439f183b3bb2781d484f189d30560c767cbac8a1f1bd6776b7d
SHA1 hash: 80f77c73da1854ccc0da087fc6ea1f95e0963e05
MD5 hash: 3029d6ac392a3a3ce74048c998e452f1
humanhash: india-hamper-romeo-rugby
File name: PO-INV90021.img
Signature: NanoCore
File size: 1'245'184 bytes
First seen: 2020-05-04 22:19:12 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 6144:QI9wt2uORKr/5u/LHnn90MgHShf/QQ5i5PjRZmHNvj7ZiO9uCzING5:T9o2uORB/LHnNgOi5PjMXZDzIN
TLSH: F045F12AF60FF516C5D49838B1E2131806A79F8D3C1D646A32ACF251D37AE847A43F63
Reporter: abuse_ch
Tags: img NanoCore RAT


abuse_ch
Malspam distributing NanoCore:

HELO: smtp111.iad3b.emailsrvr.com
Sending IP: 146.20.161.111
From: <kjohnson@quirkcars.com>
Reply-To: kjohnson@quirkcars.com
Subject: Invoice/PO for Customer:BPC-5402020
Attachment: PO-INV90021.img (contains "PO-INV90021.exe")

NanoCore RAT C2:
olusho.quor8.com:30855 (172.245.5.131)

Intelligence


File Origin
# of uploads: 1
# of downloads: 83
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2020-05-05 04:03:13 UTC
File Type: Binary (Archive)
Extracted files: 5
AV detection: 17 of 31 (54.84%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

NanoCore

img ee0c29240de5aace777301d74b57e47283068d302535c5512a8e2b21314cd6b8 (this sample)

Dropping: NanoCore
Delivery method: Distributed via e-mail attachment
