MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 229f370eda3af7728124b9dc82d7fe89821d28e4be766c81996c140496a5ee45. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
NanoCore
Vendor detections: 4
| SHA256 hash: | 229f370eda3af7728124b9dc82d7fe89821d28e4be766c81996c140496a5ee45 |
|---|---|
| SHA3-384 hash: | 0b4fec11b8aecb4d4c59267c99fbc05d1a47dfac9c418a717a9f067792310cd43c518a86c478f945999f9b58fb2de2a5 |
| SHA1 hash: | aaa793b7f43d2013f06ca870718737407fcebdd5 |
| MD5 hash: | 993f01a5d9461e4c427efac033ee6ffb |
| humanhash: | triple-twelve-lamp-louisiana |
| File name: | Purchase_Order_OR102670.exe |
| Download: | download sample |
| Signature | NanoCore |
| File size: | 339'456 bytes |
| First seen: | 2020-05-05 10:28:56 UTC |
| Last seen: | Never |
| File type: |  exe |
| MIME type: | application/x-dosexec |
| imphash | f34d5f2d4577ed6d9ceec516c1f5a744 (48'661 x AgentTesla, 19'474 x Formbook, 12'208 x SnakeKeylogger) |
| ssdeep | 6144:zKAsj+rElm/62zWRh71ZZMNek9SCHDwsacUDkcQ:lTrElm/62uDMN59LMs5UXQ |
| Threatray | 1'120 similar samples on MalwareBazaar |
| TLSH | 9C74F53D297EAA2BC064CEB08FE0C41BF1A0D077B1329A16ECD7234A2595F517A9717D |
| Reporter |  abuse_ch |
| Tags: | exe NanoCore nVpn RAT |
abuse_ch
Malspam distributing NanoCore:HELO: linux687.grserver.gr
Sending IP: 185.4.133.224
From: Annee Chan <anneechan@titan.com.my>
Subject: Purchase Order OR102670
Attachment: Purchase_Order_OR102670.iso (contains "Purchase_Order_OR102670.exe")
NanoCore RAT C2:
billionaire.ddns.net:3734
Hosted on nVpn:
% Information related to '79.134.225.0 - 79.134.225.63'
% Abuse contact for '79.134.225.0 - 79.134.225.63' is 'abuse@anmaxx.net'
inetnum: 79.134.225.0 - 79.134.225.63
netname: BASEL-HOSTING-225-0
country: CH
admin-c: AM38880-RIPE
tech-c: AM38880-RIPE
status: ASSIGNED PA
mnt-by: AF15-MNT
created: 2016-04-17T00:42:52Z
last-modified: 2016-04-18T06:23:19Z
source: RIPE
remarks: abuse-c AIS166-RIPE
org: ORG-AGIS12-RIPE
Intelligence
File Origin
# of uploads :
1
# of downloads :
95
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Gathering data
Threat name:
ByteCode-MSIL.Trojan.Malrep
Status:
Malicious
First seen:
2020-05-05 17:29:44 UTC
File Type:
PE (.Net Exe)
Extracted files:
1
AV detection:
25 of 31 (80.65%)
Threat level:
2/5
Detection(s):
Suspicious file
Verdict:
malicious
Label(s):
nanocorerat
Similar samples:
+ 1'110 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
1/10
Tags:
n/a
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Please note that we are no longer able to provide a coverage score for Virus Total.
File information
The table below shows additional information about this malware sample such as delivery method and external references.
Malspam
Delivery method
Distributed via e-mail attachment
Comments
Login required
You need to login to in order to write a comment. Login with your abuse.ch account.