MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5fb95d2781ee6507a0855600dc71923f7bae0c28d04b82105b3fee8394af1016. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

NanoCore

Vendor detections: 3



SHA256 hash: 5fb95d2781ee6507a0855600dc71923f7bae0c28d04b82105b3fee8394af1016
SHA3-384 hash: 744383a098a5cef6f94f0d7ef74229768df8bc86df2f8fe24078e748bad0f3cfd192e82fbee3515ea9e4db47ce486185
SHA1 hash: c4a7c6040e773bb7867cac79ad620aadb0e554ec
MD5 hash: a2fe3cc8febdd46e15298dea1a8eb598
humanhash: monkey-kitten-wisconsin-don
File name: Λεπτομέρειες εγγράφου τραπεζικής μεταφοράς Alpha VEaudD2020.arj
Signature: NanoCore
File size: 308'553 bytes
First seen: 2020-06-16 13:07:00 UTC
Last seen: Never
File type: arj
MIME type: application/x-rar
ssdeep: 6144:AWKfjVOOV6I9nhw0B6ANNeG6/gaYNveDgPZutMFkZf8ZOZy/Z9pq0IjMCJn4:kfJOEJRhw0koB6/gawvmgRutMFxZ8yTb
TLSH: 506423077B3B3462CE5D95CB4317AFA97B3B9C51970901B389FF7EAA913009B64E0894
Reporter: abuse_ch
Tags: arj geo GRC NanoCore nVpn RAT


abuse_ch
Malspam distributing NanoCore:

HELO: dedicated.fco.pt
Sending IP: 151.236.46.67
From: Dimitrios Giannis <info@diinak.com>
Subject: FW: Alpha Web Banking Οι λεπτομέρειες πληρωμής
Attachment: Λεπτομέρειες εγγράφου τραπεζικής μεταφοράς Alpha VEaudD2020.arj (contains "Λεπτομέρειες εγγράφου τραπεζικής μεταφοράς Alpha VEaudD2020.exe")

NanoCore RAT C2:
duckmeat.duckdns.org:5626 (194.5.98.28)

Pointing to nVpn:

% Information related to '194.5.98.0 - 194.5.98.255'

% Abuse contact for '194.5.98.0 - 194.5.98.255' is 'abuse@inter-cloud.tech'

inetnum: 194.5.98.0 - 194.5.98.255
netname: Privacy_Online
descr: Longyearbyen, Svalbard und Jan Mayen
country: SJ
admin-c: RA9926-RIPE
tech-c: RA9926-RIPE
org: ORG-NFAS6-RIPE
status: ASSIGNED PA
mnt-by: inter-cloud-mnt
created: 2019-04-26T16:42:54Z
last-modified: 2020-03-13T23:11:55Z
source: RIPE

Intelligence

File Origin
# of uploads: 1
# of downloads: 65
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.AgentTesla
Status: Malicious
First seen: 2020-06-16 13:08:05 UTC
AV detection: 22 of 48 (45.83%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam -> NanoCore -> arj 5fb95d2781ee6507a0855600dc71923f7bae0c28d04b82105b3fee8394af1016 (this sample)
Dropping: NanoCore
Delivery method: Distributed via e-mail attachment

Comments