MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6161195354a684b757071dbd6d59e147ad6a0bb350218cf2ef64978319c78462. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



NanoCore


Vendor detections: 3



SHA256 hash: 6161195354a684b757071dbd6d59e147ad6a0bb350218cf2ef64978319c78462
SHA3-384 hash: 6328340fb4f16c2eb04fe380f3397f8548180ea07be8a7ab834d01825b0e6f2dc001630db9f4143bf0e02588794506b6
SHA1 hash: 06a9cf842f93ea7898f436b1b69a7010cb9d5a4a
MD5 hash: 1ca4574438cc2e229fdc019c9666e1ff
humanhash: minnesota-illinois-kentucky-oregon
File name: PDF.iso
Signature: NanoCore
File size: 411'648 bytes
First seen: 2020-05-10 08:33:47 UTC
Last seen: Never
File type: iso
MIME type: application/x-iso9660-image
ssdeep: 6144:w7e6zuwg+fmOXEB+5uSlt+yRiwmh4rSS9JOPB8AWo/YQ4zpxyRGGSlBnOKu8:mgqEB9Slt+yRij4rS+LA/72PGSllOKu
TLSH: 1094DF2537AD1274F1765FB019F0E061C76BB61278B4E36D2E9D018A4BE6F40CA51F3A
Reporter: abuse_ch
Tags: geo iso NanoCore RAT SAU


abuse_ch
Malspam distributing NanoCore:

HELO: sp3f.cpserver.net
Sending IP: 79.172.239.35
From: شرطة الرياض <invitation@moi.gov.sa>
Subject: إشعار نهائي من شرطة الرياض قبل القبض عليك
Attachment: PDF.iso (contains "PDF.exe")

NanoCore RAT C2:
172.111.188.199:8829

Intelligence


File Origin
# of uploads: 1
# of downloads: 89
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2020-05-10 08:35:46 UTC
File Type: Binary (Archive)
Extracted files: 6
AV detection: 17 of 31 (54.84%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

NanoCore

iso 6161195354a684b757071dbd6d59e147ad6a0bb350218cf2ef64978319c78462 (this sample)

Dropping: NanoCore
Delivery method: Distributed via e-mail attachment
