MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 563eb02cad9f15f5a74c4d0808d3b2534484a593d13157b03843a095cc471590. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


NanoCore


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 563eb02cad9f15f5a74c4d0808d3b2534484a593d13157b03843a095cc471590
SHA3-384 hash: be5eae4798c57d085cc3bac20392d9b3d87d070161f4d4947fe23951d65527b717baf342b6796bb733b8ae29a18ddd94
SHA1 hash: 2ce3ef4e2e59086f3aa1ff77aa3c4c45e4e45236
MD5 hash: a6273e52a4f4a7679b50f1a859e8399d
humanhash: chicken-mountain-washington-equal
File name:Quote202028DOC56.r02
Download: download sample
Signature NanoCore
Create hunting rule
File size:929'213 bytes
First seen:2020-05-28 06:46:58 UTC
Last seen:Never
File type: r02
MIME type:application/x-rar
ssdeep 12288:5q+I+rk59TYZq10lg01se8n/b9atkbE3ji9eoLVszhx0zd81O3eX7XLpI/PdNV8I:5FrgtYZHl/yZbmjIe4Qhx0zqvX7bsikn
TLSH 1C1533C9AC29804E7AF9AF821BDEDA19B581E7C57B97F2118323C46AC14541F43DC27E
Reporter abuse_ch
Tags:NanoCore r02


Avatar
abuse_ch
Malspam distributing NanoCore:

HELO: vps.aminasha.com
Sending IP: 45.95.169.185
From: Salil Johory <dlr-a238@mst-dealer.com>
Subject: FW:Quote us
Attachment: Quote202028DOC56.r02 (contains "Quote#202028#DOC56.exe")

NanoCore RAT C2:
asha.ddns.net:1930 (185.244.30.15)

Pointing to nVpn:

% Information related to '185.244.30.0 - 185.244.30.255'

% Abuse contact for '185.244.30.0 - 185.244.30.255' is 'abuse@FOS-VPN.org'

inetnum: 185.244.30.0 - 185.244.30.255
netname: Freedom_Of_Speech_Foundation_Hungary
remarks: Budapest, Hungary
country: HU
org: ORG-FOSF3-RIPE
admin-c: FOSF1-RIPE
tech-c: FOSF1-RIPE
status: ASSIGNED PA
mnt-by: FOS-VPN-MNT
created: 2019-10-29T14:10:27Z
last-modified: 2020-04-06T19:58:39Z
source: RIPE

Intelligence

File Origin
# of uploads :
1
# of downloads :
70
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-28 07:38:43 UTC
File Type:
Binary (Archive)
Extracted files:
27
AV detection:
14 of 31 (45.16%)
Threat level:
  2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

NanoCore

r02 563eb02cad9f15f5a74c4d0808d3b2534484a593d13157b03843a095cc471590

(this sample)

NanoCore

Executable exe e023ce4ffdc54618b4e82be87714469c550ebb767e17e7c793f681e24e9c8fd9

  
Dropping
MD5 19a1724d6ab9be203063dc7ad2618c9b
  
Dropping
NanoCore
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 e023ce4ffdc54618b4e82be87714469c550ebb767e17e7c793f681e24e9c8fd9

Comments