MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1431451345bdf552bc41bd1675a0a9db8ad6032c298fdff99a40e3d1fef4841b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



NanoCore


Vendor detections: 4



SHA256 hash: 1431451345bdf552bc41bd1675a0a9db8ad6032c298fdff99a40e3d1fef4841b
SHA3-384 hash: d95201a56226176274604e3c6271733d24807c2e65ee08cbb8b2cb6591fa0ca51cd3155dd3b5b1d4914c12779b392889
SHA1 hash: 3a029691885398061bb85acf8f89dac2359a633b
MD5 hash: ba7efeac3281d528a28052daa9924c16
humanhash: connecticut-washington-whiskey-louisiana
File name: RFQ_item list7282020_PDF.gz
Signature: NanoCore
File size: 448'248 bytes
First seen: 2020-07-29 14:33:35 UTC
Last seen: Never
File type: gz
MIME type: application/x-rar
ssdeep: 12288:IIK/EOFuHVIsQltyn6Sz+i9ELkMRNBtt3RSAes+F:I4Og1tQlcn6oP9ERNB1SAeZ
TLSH: 6494239E76EC61D11B27585A9EDFECD6CE233B040FA14811B0A8047FEE14DF499F19A4
Reporter: abuse_ch
Tags: gz NanoCore RAT


abuse_ch
Malspam distributing NanoCore:

HELO: hitechtoolkits.com
Sending IP: 95.211.208.25
From: sales <sales@hitechtoolkits.com>
Subject: urgent inquiry for quote
Attachment: RFQ_item list7282020_PDF.gz (contains "RFQ#_item list7282020_PDF.exe")

NanoCore RAT C2:
85.244.29.130:1990

Intelligence


File Origin
# of uploads: 1
# of downloads: 73
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2020-07-29 14:35:06 UTC
AV detection: 20 of 48 (41.67%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

NanoCore

gz 1431451345bdf552bc41bd1675a0a9db8ad6032c298fdff99a40e3d1fef4841b (this sample)


Dropping: NanoCore
Delivery method: Distributed via e-mail attachment
