MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7be68ffe59d4bd106a10164560df5605aad484d03d3714c4d556ad0f07c24da0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


NanoCore


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 7be68ffe59d4bd106a10164560df5605aad484d03d3714c4d556ad0f07c24da0
SHA3-384 hash: b148d8d22132d302b08ef38b5c4267c2dc05e67c6483849fc44a56266bb845eb7af87b4709e986d3739cf5ea7ffa697d
SHA1 hash: c86e5fbda1b2b60dc2342a648ac0412522bb3f0b
MD5 hash: 037b7a5b527a77b723e798b908c74a6c
humanhash: social-sierra-virginia-arkansas
File name:invoice and packing list 22122020.7z
Download: download sample
Signature NanoCore
Create hunting rule
File size:662'033 bytes
First seen:2020-12-22 15:51:39 UTC
Last seen:Never
File type: 7z
MIME type:application/x-rar
ssdeep 12288:aqvmaslkcScfChxuQIHSo0igwpDOGwY28xTW20PndqHzfjVhnO:XNIk9c0umkDO1sxTbLO
TLSH 34E423A2FA00BDFEE0F59A45A2683CEB5C798741D1FD21564C2E9C8BD23171B4FC9458
Reporter abuse_ch
Tags:7z NanoCore nVpn RAT


Avatar
abuse_ch
Malspam distributing NanoCore:

HELO: asamco-sa.com
Sending IP: 212.83.46.26
From: EIRAD Trading and Contracting Co. LTD <info@asamco-sa.com>
Subject: SHIPMENT NEED ADVICE
Attachment: invoice and packing list 22122020.7z (contains "invoice and packing list #22122020.exe")

NanoCore RAT C2:
185.165.153.84:20110

Hosted on nVpn:

% Information related to '185.165.153.0 - 185.165.153.255'

% Abuse contact for '185.165.153.0 - 185.165.153.255' is 'abuse@privacyfirst.sh'

inetnum: 185.165.153.0 - 185.165.153.255
remarks: This prefix is assigned to The PRIVACYFIRST Project, which
remarks: operates infrastructure jointly used by various VPN service
remarks: providers. We have a very strong focus on privacy and freedom.
remarks: In case of abuse, we encourage all international law enforcement
remarks: agencies to get in touch with our abuse contact. Due to the fact
remarks: that we keep no logs of user activities and only share data when
remarks: it is legally required under our jurisdiction, it is very unlikely
remarks: for a demand of user information to be successful. Still, that
remarks: should not deter you from reaching out.
netname: PRIVACYFIRST-UK
country: GB
admin-c: TPP15-RIPE
tech-c: TPP15-RIPE
org: ORG-TPP6-RIPE
status: ASSIGNED PA
mnt-by: PRIVACYFIRST-MNT
created: 2019-10-18T12:14:26Z
last-modified: 2020-10-26T17:45:15Z
source: RIPE

Intelligence

File Origin
# of uploads :
1
# of downloads :
376
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/7be68ffe59d4bd106a10164560df5605aad484d03d3714c4d556ad0f07c24da0/
Threat name:
Win32.Backdoor.Remcos
Create hunting rule
Status:
Suspicious
First seen:
2020-12-22 15:52:06 UTC
AV detection:
9 of 48 (18.75%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=ppti77sz2s6ra2qqczcwbx2wawvnjbgqhu3rjrgvk2wq6b6cjwqa._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/7be68ffe59d4bd106a10164560df5605aad484d03d3714c4d556ad0f07c24da0

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

NanoCore

7z 7be68ffe59d4bd106a10164560df5605aad484d03d3714c4d556ad0f07c24da0

(this sample)

NanoCore

Executable exe a3e67bd9483ff44e19489be13809806f228aa8063d701f2344eed25c9c3cd5db

  
Dropping
MD5 19e37f230241df1a515db9a800201b9e
  
Dropping
NanoCore
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 a3e67bd9483ff44e19489be13809806f228aa8063d701f2344eed25c9c3cd5db

Comments