MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 72b8f3e8caa262d48af7db2b98036dedbceb8eed73293b287f274f2750c0ae3e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



NanoCore


Vendor detections: 2



SHA256 hash: 72b8f3e8caa262d48af7db2b98036dedbceb8eed73293b287f274f2750c0ae3e
SHA3-384 hash: 71b70ed92514783a344b361d0a97e10bb62fc5b54e9e0e632271759961e578d7a90f9ba9b5ac3b43d2f0edea8b57ef9c
SHA1 hash: 255378be64631e2c359b2350c459d388f247465e
MD5 hash: 0287ac4cbddac1cef9b8e0fe80664e67
humanhash: avocado-music-louisiana-december
File name: COPIE DE RECEPTARE IMPRIMATÄ‚.r11
Signature: NanoCore
File size: 286'928 bytes
First seen: 2020-05-27 18:02:25 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 6144:X4ZKG1zMQWzPZlbnRLKnZVBEIUvlgRUTN2WFrSL4dsJ2rfaL0ED7m7diQH:FG+QahlRmnmlgRUgKrS2eU7vH
TLSH: 325423C57FD56A3785F1AF9764AA3A5BCFD62D69C7C4C440E0EBCA55E39A0710000BB2
Reporter: abuse_ch
Tags: COVID-19 geo NanoCore nVpn r11 RAT RUA


abuse_ch
Malspam distributing NanoCore:

HELO: vps.dpcitqlia.com
Sending IP: 45.95.169.77
From: Asistență clienți Poșta Română <info@dpcitqlia.com>
Subject: (COVID-19) Notificare de expediere Poșta Română
Attachment: COPIE DE RECEPTARE IMPRIMATÄ‚.r11 (contains "COPIE DE RECEPTARE IMPRIMATÄ‚.exe")

NanoCore RAT C2:
79.134.225.94:9124

Intelligence


File Origin
# of uploads: 1
# of downloads: 69
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2020-05-27 18:37:25 UTC
AV detection: 25 of 48 (52.08%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

NanoCore

rar 72b8f3e8caa262d48af7db2b98036dedbceb8eed73293b287f274f2750c0ae3e (this sample)

Dropping: NanoCore
Delivery method: Distributed via e-mail attachment

Comments