MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 55e5f4a4562b3992536144eac9951b1c780f43fc271589c53e89b6de1a914d55. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


NanoCore


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 55e5f4a4562b3992536144eac9951b1c780f43fc271589c53e89b6de1a914d55
SHA3-384 hash: 249f5de5577ee1c4924ea5b53457c8f43bfa5b7db27ead39944ac4900fdf9a7b0b2ce31d08ebb9bb49d38a38e639f29f
SHA1 hash: e2fb2b19f100b9f82363974a6eda384c2d310edc
MD5 hash: 6110dc73b5ddb6fdfe10d6a061359a49
humanhash: early-sink-queen-four
File name:RFQ.gz
Download: download sample
Signature NanoCore
Create hunting rule
File size:788'647 bytes
First seen:2020-05-25 14:14:04 UTC
Last seen:2020-05-25 14:14:20 UTC
File type: gz
MIME type:application/x-rar
ssdeep 12288:HmE7gvZtKsTkREmxeuUDb7svo0DTX1N+4tTGQlgGkd/TopoOeAw8x3:HmEkvZFTOE9b7sPD71N+MjUMpWy3
TLSH 98F4338E87A0FB59CAD93EF271D8964DFDEF881E78674B633530057F86126B2566C008
Reporter abuse_ch
Tags:gz NanoCore nVpn RAT


Avatar
abuse_ch
Malspam distributing NanoCore:

HELO: ilezoni.pw
Sending IP: 173.82.238.171
From: Tommy Chan <info@ilezoni.pw>
Reply-To: alauddiinns@gmail.com
Subject: Request For Quotation
Attachment: RFQ.gz (contains "AL.exe")

NanoCore RAT C2:
185.244.29.132:1985

Hosted on nVpn:

% Information related to '185.244.29.0 - 185.244.29.255'

% Abuse contact for '185.244.29.0 - 185.244.29.255' is 'abuse@gerber-edv.net'

inetnum: 185.244.29.0 - 185.244.29.255
netname: GERBER-NETWORK
descr: Wonsan, Kangwon-do
descr: Choson Minjujuui Inmin Konghwaguk
country: KP
admin-c: GN5022-RIPE
tech-c: GN5022-RIPE
org: ORG-GN148-RIPE
status: SUB-ALLOCATED PA
mnt-by: GERBER-MNT
created: 2018-01-31T19:41:57Z
last-modified: 2020-04-06T22:16:40Z
source: RIPE

Intelligence

File Origin
# of uploads :
2
# of downloads :
60
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-25 14:33:41 UTC
File Type:
Binary (Archive)
Extracted files:
12
AV detection:
18 of 48 (37.50%)
Threat level:
  5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

NanoCore

gz 55e5f4a4562b3992536144eac9951b1c780f43fc271589c53e89b6de1a914d55

(this sample)

NanoCore

Executable exe 5f3c88ad9a168c31fd7cbf37a6858952bad0e6b08a396ec6eb0912faf94c3c0f

  
Dropping
MD5 9771a2b00aa67118dd039f12deaf8099
  
Dropping
NanoCore
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 5f3c88ad9a168c31fd7cbf37a6858952bad0e6b08a396ec6eb0912faf94c3c0f

Comments