MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7325d1f4e080d0d7f9ed2f8279bc64b8ae900d9223d2f385d97bf994e5b5c9a1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

NanoCore
Vendor detections: 3



SHA256 hash: 7325d1f4e080d0d7f9ed2f8279bc64b8ae900d9223d2f385d97bf994e5b5c9a1
SHA3-384 hash: 6689450da15dac46465724bcb51827d1fdaf093abad15f454aea2756a5b40ac4d0547091aad3beeb6310ebeed2375d41
SHA1 hash: 01097a192f412e7fb9ac74d55778594dc0a0982f
MD5 hash: 9b6b57933335cdc7d908f9913acc1a7c
humanhash: berlin-nuts-chicken-winter
File name: Servicio Postal de Correo Argentino.r11
Signature: NanoCore
File size: 551'061 bytes
First seen: 2020-06-04 17:30:52 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 12288:03vG5/N361akMx+8CQYlk9heEp7nwqktQ+XznY+7nzfSF5UnPhBPnooqB:8i/N3VTxT/Ylup7nw3tFXzY2ne/m3/U
TLSH: F7C433837FBA01FF92098ECB148B9B2E230B7D5D042AD5943C5FEC462DCD55492F96A1
Reporter: abuse_ch
Tags: NanoCore nVpn r11 RAT


abuse_ch
Malspam distributing NanoCore:

HELO: vps.yidagnp.com
Sending IP: 45.95.169.73
From: CORREO ARGENTINO POST SERVICIO RECIBO IMPRESO <info@yidagnp.com>
Subject: Re: SERVICIO POSTAL CORREO ARGENTINO
Attachment: Servicio Postal de Correo Argentino.r11 (contains "dK66Y8jAEFVVUny.exe")

NanoCore RAT C2:
185.244.29.128:9995

Hosted on nVpn:

% Information related to '185.244.29.0 - 185.244.29.255'

% Abuse contact for '185.244.29.0 - 185.244.29.255' is 'abuse@gerber-edv.net'

inetnum: 185.244.29.0 - 185.244.29.255
netname: GERBER-NETWORK
descr: Wonsan, Kangwon-do
descr: Choson Minjujuui Inmin Konghwaguk
country: KP
admin-c: GN5022-RIPE
tech-c: GN5022-RIPE
org: ORG-GN148-RIPE
status: SUB-ALLOCATED PA
mnt-by: GERBER-MNT
created: 2018-01-31T19:41:57Z
last-modified: 2020-04-06T22:16:40Z
source: RIPE

Intelligence

File Origin
# of uploads: 1
# of downloads: 64
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Agensla
Status: Malicious
First seen: 2020-06-04 17:36:10 UTC
AV detection: 8 of 31 (25.81%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam: NanoCore, rar 7325d1f4e080d0d7f9ed2f8279bc64b8ae900d9223d2f385d97bf994e5b5c9a1 (this sample)
Dropping: NanoCore
Delivery method: Distributed via e-mail attachment

Comments