MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f2cfd6e893c39081ea492637867f51b366fc71906a7d37e84d1714fa5e588acf. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: NanoCore
Vendor detections: 3

SHA256 hash: f2cfd6e893c39081ea492637867f51b366fc71906a7d37e84d1714fa5e588acf
SHA3-384 hash: 073de5617b33253bc28bb4a8a84fc76dab29daba8f60eba397bbc7af42129c383ec86e272524035feeedc6dfd69bac48
SHA1 hash: 6ec8d84bcf7b25efbf3cc40f9bfd7eafdb9c6de5
MD5 hash: 911fe25d41db0a9dc4ceace97f49bdf0
humanhash: fanta-oven-princess-winter
File name: READSUN OPTICAL LTD ORDER_xls.gz
Signature: NanoCore
File size: 366'501 bytes
First seen: 2020-05-01 12:27:02 UTC
Last seen: Never
File type: gz
MIME type: application/x-rar
ssdeep: 6144:59dnOYi8aXe5H89m6aXYgaGTViYwDNFyxCp7zc2ToAQJQKh5M6uxqV+:53nd5H8sDTt3CdcCqhmUA
TLSH: AD7422855DF0F7B97422067CDD629B5841CDB3B1D396A33A0D6AC0BDC2372D598F214A
Reporter: abuse_ch
Tags: gz, NanoCore, nVpn, RAT


Comment by abuse_ch:
Malspam distributing NanoCore:

HELO: ap.apistarly.live
Sending IP: 77.242.152.35
From: WENZHOU READSUN OPTICAL CO.,LTD <sales3@raedsunoptical.com>
Subject: WENZHOU READSUN OPTICAL CO.,LTD ORDER "溫州瑞森光學有限公司訂購"
Attachment: READSUN OPTICAL LTD ORDER_xls.gz (contains "READSUN OPTICAL LTD ORDER_xls.exe")

NanoCore RAT C2:
194.5.98.8:4573

Hosted on nVpn (RIPE record for the C2 netblock):

% Information related to '194.5.98.0 - 194.5.98.255'

% Abuse contact for '194.5.98.0 - 194.5.98.255' is 'abuse@inter-cloud.tech'

inetnum: 194.5.98.0 - 194.5.98.255
netname: Privacy_Online
descr: Longyearbyen, Svalbard und Jan Mayen
country: SJ
admin-c: RA9926-RIPE
tech-c: RA9926-RIPE
org: ORG-NFAS6-RIPE
status: ASSIGNED PA
mnt-by: inter-cloud-mnt
created: 2019-04-26T16:42:54Z
last-modified: 2020-03-13T23:11:55Z
source: RIPE

Intelligence

File Origin
# of uploads: 1
# of downloads: 79
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2020-05-01 12:35:54 UTC
File Type: Binary (Archive)
Extracted files: 7
AV detection: 21 of 31 (67.74%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample, such as its delivery method and external references.

Malspam: NanoCore
Sample: gz f2cfd6e893c39081ea492637867f51b366fc71906a7d37e84d1714fa5e588acf (this sample)
Dropping: NanoCore
Delivery method: Distributed via e-mail attachment

Comments