MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4dbb611f9f399997b757686f6dd1d784bd5e5cb5ee0e63680c7466745c6c94a5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


NanoCore


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 4dbb611f9f399997b757686f6dd1d784bd5e5cb5ee0e63680c7466745c6c94a5
SHA3-384 hash: e5ebcee02ea13349897aa7184c477a4ab9321f8ba9854a4e7fe25ab5e54fa537efb1a73158defbca9ce6dd532060847b
SHA1 hash: f1871955365c9dd26e7c27494c20468593602bd8
MD5 hash: 8ec1aab4193b43623dd208c9b69e86dc
humanhash: cardinal-arizona-triple-johnny
File name:chuyển chi tiết.r11
Download: download sample
Signature NanoCore
Create hunting rule
File size:307'428 bytes
First seen:2020-06-16 06:21:36 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 6144:XTjqTpYaWPdLtsVY2rMy5Z99Up6YOk23ba0H/GA4gkEb/GfgPVEtPt8CZ:XTOTpYJ8vMy59Up6TaE/HRkdfakDZ
TLSH 67642303206E64240E1C049A77AEA4EC0E87A318FD775335A4F876CF7B84C25ED58977
Reporter abuse_ch
Tags:NanoCore nVpn r11 RAT VNM


Avatar
abuse_ch
Malspam distributing NanoCore:

HELO: vps.busonard.com
Sending IP: 45.95.169.17
From: Vietinbank <info@busonard.com>
Subject: Re: chuyển chi tiết
Attachment: chuyển chi tiết.r11 (contains "mIca5CrjYibCfe8.exe")

NanoCore RAT C2:
185.140.53.11:6532

Hosted on nVpn:

% Information related to '185.140.53.0 - 185.140.53.255'

% Abuse contact for '185.140.53.0 - 185.140.53.255' is 'abuse@FOS-VPN.org'

inetnum: 185.140.53.0 - 185.140.53.255
netname: Freedom_Of_Speech_VPN
remarks: Before you contact us, please read:
remarks: 185.140.53.0/24 belongs to a NON-LOGGING VPN service.
remarks: We don't log any user activities.
remarks: We believe that the right to informational self-determination and the
remarks: right to privacy are essential to all citizens of all countries.
remarks: We don't host anything else on our servers than VPN software and our
remarks: customers can open a fixed number of Ports.
remarks: Like Public WiFi or Tor Exit Node Operators we cannot be held responsible
remarks: for the actions of our customers, because we simply can't (and to be
remarks: honest: don't want) to control them.
country: EU
org: ORG-SL751-RIPE
admin-c: SL12644-RIPE
tech-c: SL12644-RIPE
status: ASSIGNED PA
mnt-by: FOS-VPN-MNT
created: 2016-10-17T23:24:00Z
last-modified: 2020-04-06T18:59:49Z
source: RIPE

Intelligence

File Origin
# of uploads :
1
# of downloads :
68
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-06-16 06:23:04 UTC
AV detection:
19 of 31 (61.29%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=jw5wch47hgmzpn2xnbxw3uoxqs6v4xfv5yhgg2amorthixdmsssq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

NanoCore

rar 4dbb611f9f399997b757686f6dd1d784bd5e5cb5ee0e63680c7466745c6c94a5

(this sample)

NanoCore

Executable exe 9b136625d2ae281fae9b86400201c255b792297074dd95d7b6b82dd9859b4c23

  
Dropping
MD5 a29be878ba422019d6e36980b5ab8ebc
  
Dropping
NanoCore
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 9b136625d2ae281fae9b86400201c255b792297074dd95d7b6b82dd9859b4c23

Comments