MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6dc3e837477a6cadb9ba1d44b1ca3f551f8313009b5eca44f4627082ead65615. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



NanoCore


Vendor detections: 3



SHA256 hash: 6dc3e837477a6cadb9ba1d44b1ca3f551f8313009b5eca44f4627082ead65615
SHA3-384 hash: a5c14a95ced035e44bda5b9d7c9c2416401a0b47744e3f28ab4018a5d66a7da0f6a50e4bf7f7f102b713269aeeb5cbc9
SHA1 hash: 895334797a5c05a40c72b60b11500249992992d5
MD5 hash: d108360d698a0f92891d9e0726a7b59e
humanhash: mississippi-football-shade-bulldog
File name: DHL SHIPMENT NOTIFICATION_Xls.gz
Signature: NanoCore
File size: 431'533 bytes
First seen: 2020-05-05 08:58:08 UTC
Last seen: Never
File type: gz
MIME type: application/x-rar
ssdeep: 12288:lSlZFWdSiKmkpl+2wGOnUUbrXAhDVMMPHdeZqCi23rs:lS3FW0akpMTjOJeVi23rs
TLSH: 749423F3863DB8761CBF51DC7091C5B668761E5286F6FA0A0C188FE2D5296C8484B1F7
Reporter: abuse_ch
Tags: DHL gz NanoCore nVpn RAT


abuse_ch
Malspam distributing NanoCore:

HELO: j0j40j2k.ni.net.tr
Sending IP: 185.95.86.158
From: DHL EXPRESS <NoReply.ODD@dhl.com>
Subject: YOUR DHL SHIPMENT NOTIFICATION/UPDATE PARCEL NO:DL7593462
Attachment: DHL SHIPMENT NOTIFICATION_Xls.gz (contains "DHL SHIPMENT NOTIFICATION_Xls.exe")

NanoCore RAT C2:
194.5.98.8:4573

Hosted on nVpn:

% Information related to '194.5.98.0 - 194.5.98.255'

% Abuse contact for '194.5.98.0 - 194.5.98.255' is 'abuse@inter-cloud.tech'

inetnum: 194.5.98.0 - 194.5.98.255
netname: Privacy_Online
descr: Longyearbyen, Svalbard und Jan Mayen
country: SJ
admin-c: RA9926-RIPE
tech-c: RA9926-RIPE
org: ORG-NFAS6-RIPE
status: ASSIGNED PA
mnt-by: inter-cloud-mnt
created: 2019-04-26T16:42:54Z
last-modified: 2020-03-13T23:11:55Z
source: RIPE

Intelligence


File Origin
# of uploads: 1
# of downloads: 87
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Com
Status: Malicious
First seen: 2020-05-05 09:35:30 UTC
File Type: Binary (Archive)
Extracted files: 2
AV detection: 19 of 48 (39.58%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
NanoCore
gz 6dc3e837477a6cadb9ba1d44b1ca3f551f8313009b5eca44f4627082ead65615 (this sample)
Dropping: NanoCore
Delivery method: Distributed via e-mail attachment
