MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 6f15cd9548d898d233ae228cd3d4b651691518168a9b006f41367222dc9d7489. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
NanoCore
Vendor detections: 3
| SHA256 hash: | 6f15cd9548d898d233ae228cd3d4b651691518168a9b006f41367222dc9d7489 |
|---|---|
| SHA3-384 hash: | 062fa49204f3fa8400542d86e628926e49f2411ceafd73ce71086ccd4290284cfc0ffda39c69935706eea5077478191b |
| SHA1 hash: | 771b4ab4aa10b9a69eca178f57a295b58fae6932 |
| MD5 hash: | b8a0fbddc7ebc43944fdd7a38328d2c8 |
| humanhash: | wisconsin-stairway-aspen-nine |
| File name: | DHL AWB TRACKING DETAILS.PDF.z |
| Download: | download sample |
| Signature | NanoCore |
| File size: | 432'574 bytes |
| First seen: | 2020-08-13 11:47:45 UTC |
| Last seen: | Never |
| File type: | z |
| MIME type: | application/x-rar |
| ssdeep | 12288:xee+D7MSMrjJj2zNVuvyLHjNaslRMhj65mwC73CH:xeX7S2zNVuaLHjNay+/wC7q |
| TLSH | 1694233002F20C55256BF62BA340C17BD4F8D39A8A9D97311B4DACE75550C14ABFAFB6 |
| Reporter |  abuse_ch |
| Tags: | DHL NanoCore nVpn RAT z |
abuse_ch
Malspam distributing NanoCore:HELO: server.redirectory-admin.com
Sending IP: 89.223.126.197
From: DHL DELIVERY SERVICE <invoice@redirectory-admin.com>
Reply-To: DHL DELIVERY SERVICE <farlight4yuanguang@yahoo.com>
Subject: COMMERCIAL INVOICE AND BILL OF LANDING... 13/08/2020
Attachment: DHL AWB TRACKING DETAILS.PDF.z (contains "DHL AWB TRACKING DETAILS.exe")
NanoCore RAT C2:
grace121.duckdns.org:8604 (185.140.53.48)
Pointing to nVpn:
% Information related to '185.140.53.0 - 185.140.53.255'
% Abuse contact for '185.140.53.0 - 185.140.53.255' is 'abuse@privacyfirst.sh'
inetnum: 185.140.53.0 - 185.140.53.255
remarks: This prefix is assigned to The PRIVACYFIRST Project, which
remarks: operates infrastructure jointly used by various VPN service
remarks: providers. We have a very strong focus on privacy and freedom.
remarks: In case of abuse, we encourage all international law enforcement
remarks: agencies to get in touch with our abuse contact. Due to the fact
remarks: that we keep no logs of user activities and only share data when
remarks: it is legally required under our jurisdiction, it is very unlikely
remarks: for a demand of user information to be successful. Still, that
remarks: should not deter you from reaching out.
netname: PRIVACYFIRST-EU3
country: EU
admin-c: TPP15-RIPE
tech-c: TPP15-RIPE
org: ORG-TPP6-RIPE
status: ASSIGNED PA
mnt-by: PRIVACYFIRST-MNT
created: 2016-10-17T23:24:00Z
last-modified: 2020-07-28T20:56:03Z
source: RIPE
Intelligence
File Origin
# of uploads :
1
# of downloads :
104
Origin country :
n/a
Vendor Threat Intelligence
Threat name:
ByteCode-MSIL.Trojan.LokiSteal
Status:
Malicious
First seen:
2020-08-13 11:49:05 UTC
AV detection:
15 of 29 (51.72%)
Threat level:
5/5
Detection(s):
Malicious file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
File information
The table below shows additional information about this malware sample such as delivery method and external references.
Malspam
exe Dropping
NanoCore
Delivery method
Distributed via e-mail attachment
Comments
Login required
You need to login to in order to write a comment. Login with your abuse.ch account.