MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2e4546d5dfa125ff515af286ec35e9504f596de35bb02f6d1b4d8f1184dceb0b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


NanoCore


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 2e4546d5dfa125ff515af286ec35e9504f596de35bb02f6d1b4d8f1184dceb0b
SHA3-384 hash: 0a8a3e1ef159f357fec2d1ab369f8c4fb8e7c4ae66c1d5c308f7bbcebdf25c81702f9952f9a12672368d0151003ca7bb
SHA1 hash: 0572fdc101c2aff20236d30ea92f8230e8b5302e
MD5 hash: 05e0371441a7472dbaff2c0c61f43b4a
humanhash: helium-carbon-delaware-kentucky
File name:855_07_07_2020_REF03.pdf.zip
Download: download sample
Signature NanoCore
Create hunting rule
File size:487'240 bytes
First seen:2020-07-07 10:23:06 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 12288:nrMiAOQUbhimZQVwtd3f8Km5nuMUaeXmnTllY46iq3R0mGqlhYIhxuxhB:n4ip3aO1lm56kTzYck05q0Ihx6B
TLSH 00A423839F3535B76FF94AEA6CB4D6E61DC4B1586C70C678A074FCEBA1401C52C88E61
Reporter abuse_ch
Tags:NanoCore nVpn RAT zip


Avatar
abuse_ch
Malspam distributing NanoCore:

HELO: yahoo.co.in
Sending IP: 45.143.222.165
From: Maria <info@saxport.co.za>
Subject: Re:REQUEST FOR QUOTE
Attachment: 855_07_07_2020_REF03.pdf.zip (contains "855_07_07_2020_REF03.exe")

NanoCore RAT C2:
wazzy.ddns.net:1716 (194.5.99.24)

Hosted on nVpn:

% Information related to '194.5.99.0 - 194.5.99.255'

% Abuse contact for '194.5.99.0 - 194.5.99.255' is 'abuse@inter-cloud.tech'

inetnum: 194.5.99.0 - 194.5.99.255
netname: INTER_CLOUD_SERVICES_RUSSIA
admin-c: ICTR1-RIPE
tech-c: ICTR1-RIPE
org: ORG-ICR2-RIPE
country: RU
status: ASSIGNED PA
mnt-by: inter-cloud-mnt
created: 2019-07-20T20:42:53Z
last-modified: 2020-07-04T13:20:18Z
source: RIPE

Intelligence

File Origin
# of uploads :
1
# of downloads :
102
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Adware.Slugin-6803969-0
Create hunting rule

PUA.Win.Adware.Slugin-6840354-0
Create hunting rule

SecuriteInfo.com.Win32.Herz.B.18879.21615.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/2e4546d5dfa125ff515af286ec35e9504f596de35bb02f6d1b4d8f1184dceb0b/
Threat name:
Win32.Infostealer.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-07-07 10:25:04 UTC
AV detection:
34 of 48 (70.83%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=fzcunvo7ues76uk26kdoynpjkbhvs3pdloyc63i3jwhrdbg45mfq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

NanoCore

zip 2e4546d5dfa125ff515af286ec35e9504f596de35bb02f6d1b4d8f1184dceb0b

(this sample)

NanoCore

Executable exe f4369bd3bcd98f957248c6c7c145328cf546de76b16f46b8c4cedc04299d1374

  
Dropping
MD5 0690bf022657f5e7c1ea7179abf17779
  
Dropping
NanoCore
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 f4369bd3bcd98f957248c6c7c145328cf546de76b16f46b8c4cedc04299d1374

Comments