MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f77c4f47edf483def271adb00ee93067febdb3888ac4144b0ba458cf9933db03. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

NanoCore

Vendor detections: 3

Intelligence 3 IOCs YARA File information Comments

SHA256 hash:	f77c4f47edf483def271adb00ee93067febdb3888ac4144b0ba458cf9933db03
SHA3-384 hash:	82b0ae31664cfd5769e8748a03a78723f10ea3f0f4e4d2a867e1ecddf485c41f884f54d9d139976ce1ab49cfa2b0c32a
SHA1 hash:	59b4704c8625af00c9021499087b152f940e0bec
MD5 hash:	9534fb1ad7bb2b2c38d6ed7de91d7456
humanhash:	sink-cup-jersey-florida
File name:	New_Inquiry.rar
Download:	download sample
Signature	NanoCore Create hunting rule
File size:	325'389 bytes
First seen:	2020-05-01 11:19:50 UTC
Last seen:	Never
File type:	rar
MIME type:	application/x-rar
ssdeep	6144:JQU/U9BTebbG0gvLP0mYdcMRQi3hTP6YBOtMW5BGkaVYLHYv:JbM9E+0gv7pqRQihPjBOtTBGkaVEq
TLSH	7564220F1D1D4A563E7FB3398E5EC877DCBFE851A852681B2A2A0F6C3AC464234254D2
Reporter	abuse_ch
Tags:	NanoCore rar RAT

abuse_ch

Malspam distributing NanoCore:

HELO: mailsnd3.chol.com
Sending IP: 203.252.1.124
From: 대보마그네틱(주) <daebomag@chol.com>
Subject: New_Inquiry
Attachment: New_Inquiry.rar (contains "New_Inquiry.exe")

NanoCore RAT C2:
dikaa.ddns.net:1970 (105.112.99.164)

Intelligence

File Origin

# of uploads :

# of downloads :

205

Origin country :

n/a

Vendor Threat Intelligence

Gathering data

Threat name:

ByteCode-MSIL.Trojan.Kryptik

Status:

Malicious

First seen:

2020-05-01 11:36:19 UTC

File Type:

Binary (Archive)

Extracted files:

AV detection:

23 of 47 (48.94%)

Threat level:

2/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=656e6r7n6sb554trvwya52jqm77l3m4irlcbisylurmm7gjt3mbq._file

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

NanoCore

rar f77c4f47edf483def271adb00ee93067febdb3888ac4144b0ba458cf9933db03

(this sample)

NanoCore

exe 3465a87f7c026e390a862f5d4b638745f80fa24a5ef94998e2f5c1818dd0bc15

Dropping

MD5 b52e9a0ed1bcc246be89c64e3b017987

Dropping

NanoCore

Delivery method

Distributed via e-mail attachment

Dropping

SHA256 3465a87f7c026e390a862f5d4b638745f80fa24a5ef94998e2f5c1818dd0bc15

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample