MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1fd84ad46bb9e2e2185c09410bdbb5f364e756984bd619d4e81ef0dcf24f0b8f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

NanoCore

Vendor detections: 3

SHA256 hash: 1fd84ad46bb9e2e2185c09410bdbb5f364e756984bd619d4e81ef0dcf24f0b8f
SHA3-384 hash: bed1c827aa252fb3388091ae33d6bbaf036744fd067ffca5511e9d88a532413738245d8bb03a2e9f5a7b1abda45c1bac
SHA1 hash: e847d18b86d340247ac540d4e2986bcdbfaa23d6
MD5 hash: 7d590bb96f0a69e019e81da4fed1abcd
humanhash: minnesota-nevada-butter-twenty
File name: Swift_QTYD21_of 2020 - 180 - ASIA CITRA PRATAMA - AIRO 24-320 EN1.zip
Signature: NanoCore
File size: 315'603 bytes
First seen: 2020-06-29 12:33:00 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 6144:y/1zrHt3faDbtWa6EWyorG3MLREtTO7znrw3j0fp7Kb:S9Ht3yDvTiK3mEUrw3jkp7Kb
TLSH: DA64236D1353440BAFE8AECF2B0A3354B64F648BF7CA14724103DEB8619F2694566BC6
Reporter: abuse_ch
Tags: NanoCore nVpn RAT zip


Comment by abuse_ch:
Malspam distributing NanoCore:

HELO: mail.bgesoaeg.ml
Sending IP: 192.227.121.237
From: david@bgesoaeg.ml
Subject: Transfer Remittance 174544 FX Advices Ref:0889
Attachment: Swift_QTYD21_of 2020 - 180 - ASIA CITRA PRATAMA - AIRO 24-320 EN1.zip (contains "Swift_QTYD21_of 2020 - 180 - ASIA CITRA PRATAMA - AIRO 24-320 [EN](1).exe")

NanoCore RAT C2:
91.193.75.66:2049

Hosted on nVpn:

% Information related to '91.193.75.0 - 91.193.75.255'

% Abuse contact for '91.193.75.0 - 91.193.75.255' is 'abuse@kgb-vpn.org'

inetnum: 91.193.75.0 - 91.193.75.255
netname: NON-LOGGING-VPN-SERVICE
descr: Please note that we don't store any user data.
descr: Our main effort is not to make money, but to preserve values like the
descr: freedom of expression, the freedom of press, the right to data protection
descr: and informational self-determination.
country: EU
admin-c: KA7109-RIPE
tech-c: KA7109-RIPE
org: ORG-KHd1-RIPE
status: ASSIGNED PI
mnt-by: RIPE-NCC-END-MNT
mnt-by: KGB-MNT
mnt-routes: KGB-MNT
sponsoring-org: ORG-MW1-RIPE
created: 2012-06-04T11:05:55Z
last-modified: 2020-06-12T19:27:12Z
source: RIPE

Intelligence

File Origin
# of uploads: 1
# of downloads: 68
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2020-06-29 12:34:07 UTC
AV detection: 27 of 48 (56.25%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  NanoCore
    zip 1fd84ad46bb9e2e2185c09410bdbb5f364e756984bd619d4e81ef0dcf24f0b8f (this sample)
      Dropping NanoCore

Delivery method: Distributed via e-mail attachment

Comments