MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f7753784e4dabe379b07f6223eb803ccfbc01beb51c820c762d969ffae231883. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



NanoCore


Vendor detections: 3



SHA256 hash: f7753784e4dabe379b07f6223eb803ccfbc01beb51c820c762d969ffae231883
SHA3-384 hash: 7b7a97a290aee1fb7132fb16a4166ae1445c043f95f033b8ab83efef9f8c2c4f0a24b9e28cf692adddbf8474ae012285
SHA1 hash: c691be4619177e88ccd24376497e3dfc71f67386
MD5 hash: e12ef3b3eea6051f9ffbc2e14cd9dfc8
humanhash: massachusetts-alabama-quebec-eight
File name: Proposal_Invoice.iso
Signature: NanoCore
File size: 538'624 bytes
First seen: 2020-05-01 14:47:05 UTC
Last seen: Never
File type: iso
MIME type: application/x-iso9660-image
ssdeep: 6144:EMgTOqNIzYfFtUQHYOT2p1Js7hFOm7U3/Q33QUQDKqKGg9PI/2FLTu/RUoL6vf3Q:9Ydtmje3IPqAUOK4g9wcLh2P
TLSH: BAB4C0160798562BE7FE0779C0E82440D3FAA517B6CBF75DA99449F82E83744EC82263
Reporter: abuse_ch
Tags: iso NanoCore nVpn RAT


abuse_ch
Malspam distributing NanoCore:

HELO: ideeseet.com
Sending IP: 45.95.169.220
From: Mohammad Nowfal <muhamfal@ezdeharind.com>
Subject: Re: ABNG-#INVOICE COPY
Attachment: Proposal_Invoice.iso (contains "Proposal_#Invoice.exe")

NanoCore RAT C2:
yusufeddy.ddns.net:5050 (185.244.30.21)

Pointing to nvpn:

% Information related to '185.244.30.0 - 185.244.30.255'

% Abuse contact for '185.244.30.0 - 185.244.30.255' is 'abuse@FOS-VPN.org'

inetnum: 185.244.30.0 - 185.244.30.255
netname: Freedom_Of_Speech_Foundation_Hungary
remarks: Budapest, Hungary
country: HU
org: ORG-FOSF3-RIPE
admin-c: FOSF1-RIPE
tech-c: FOSF1-RIPE
status: ASSIGNED PA
mnt-by: FOS-VPN-MNT
created: 2019-10-29T14:10:27Z
last-modified: 2020-04-06T19:58:39Z
source: RIPE

Intelligence


File Origin
# of uploads: 1
# of downloads: 77
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2020-05-02 03:54:16 UTC
File Type: Binary (Archive)
Extracted files: 7
AV detection: 16 of 31 (51.61%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

NanoCore

iso f7753784e4dabe379b07f6223eb803ccfbc01beb51c820c762d969ffae231883 (this sample)

  
Dropping: NanoCore
Delivery method: Distributed via e-mail attachment
