MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 05ce5704817f6da76dd820abfe876b18d45ec2361107b1ad513e938db05271fe. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


NanoCore


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 05ce5704817f6da76dd820abfe876b18d45ec2361107b1ad513e938db05271fe
SHA3-384 hash: b8bf2fff59217f054641eddafc541765fceca215020e8cad7f592c38f0ec50b0eefebe38b207afc8bf979a58375dd5e0
SHA1 hash: df7ef112ee3986fb1b11bb6430607830c2bc171c
MD5 hash: 4382d1a40fe5c6414c33b3381abe473c
humanhash: paris-don-lactose-burger
File name:ORDER_103405PDF.ARJ
Download: download sample
Signature NanoCore
Create hunting rule
File size:1'109'438 bytes
First seen:2020-05-05 07:41:42 UTC
Last seen:Never
File type: arj
MIME type:application/x-rar
ssdeep 24576:+SoXWjnUu9sr7VayZ/bSSBIvDF1+SZ8eN60c/xMWBLSx:bjnJsrZayFbmrey8eNQ/uWBe
TLSH 393533DB116B61B173BC31DCA0F8E6EE3361E3ED334ED56D5842B661540AA873D21A34
Reporter abuse_ch
Tags:arj NanoCore nVpn RAT


Avatar
abuse_ch
Malspam distributing NanoCore:

HELO: server.citroenbayi.com
Sending IP: 185.153.221.62
From: Siu Yeei <cherrysammy101@gmail.com>
Subject: CONFIRM THIS ORDER
Attachment: ORDER_103405PDF.ARJ (contains "SCAN.exe")

NanoCore RAT C2:
79.134.225.71:1985

Hosted on nVpn:

% Information related to '79.134.225.64 - 79.134.225.127'

% Abuse contact for '79.134.225.64 - 79.134.225.127' is 'abuse@your-vpn.network'

inetnum: 79.134.225.64 - 79.134.225.127
netname: YOUR_VPN_NETWORK
country: DE
remarks: ****************************************************
remarks: This subnet belongs to a VPN service provider.
remarks: We protect the right to privacy, which means
remarks: we don't log the activities of our users.
remarks: ****************************************************
admin-c: EH4074-RIPE
tech-c: YVN10-RIPE
status: ASSIGNED PA
abuse-c: YVN10-RIPE
org: ORG-YVN1-RIPE
mnt-by: AF15-MNT
created: 2019-07-19T18:26:38Z
last-modified: 2019-07-19T18:51:28Z
source: RIPE


Intelligence

File Origin
# of uploads :
1
# of downloads :
85
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
Win32.Trojan.Aitinject
Create hunting rule
Status:
Malicious
First seen:
2020-05-05 08:36:08 UTC
File Type:
Binary (Archive)
Extracted files:
12
AV detection:
32 of 48 (66.67%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=axhfobebp5w2o3oyecv75b3lddkf5qrwced3dlkrh2jy3mcsoh7a._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

NanoCore

arj 05ce5704817f6da76dd820abfe876b18d45ec2361107b1ad513e938db05271fe

(this sample)

NanoCore

Executable exe c2ca1b8e7ab81c6f093f4b4aaf522afa63f67db9e519618b13036f0785363e53

  
Dropping
MD5 e7485a40bc818a1935ecfae0da9d2ade
  
Dropping
NanoCore
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 c2ca1b8e7ab81c6f093f4b4aaf522afa63f67db9e519618b13036f0785363e53

Comments