MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 84cf4a54c73f11a9de1fc86441749a14b40f18d5e566aed30e027c0ba5bf0ae8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: 84cf4a54c73f11a9de1fc86441749a14b40f18d5e566aed30e027c0ba5bf0ae8
SHA1 hash: bf77f00c7a71c06f34354f8ca0ad5009f0e33454
MD5 hash: 00b2275e8712759e211a0c4b041bebd7
File name: Price Request.img
Signature: NanoCore
File size: 2'031'616 bytes
First seen: 2020-05-23 07:23:20 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 24576:otb20pkaCqT5TBWgNQ7aLwqclBYeilKvhEZG+uJdJC5sNmfK6A:xVg5tQ7aL0lB0UvhMp6Nmy5
TLSH: 2095E01363DD8360C7B26273BA65B7416EBF782506B1F96B2FD8093DE920121521EB73
Reporter: @abuse_ch
Tags: img, NanoCore, nVpn, RAT


Twitter
@abuse_ch
Malspam distributing NanoCore:

HELO: zimbra.fcjcorp.com
Sending IP: 54.158.42.8
From: Richard Carlos <pedro.henrique@medbeta.com.br>
Reply-To: rickshopamericanrental.com@gmail.com
Subject: Price Request
Attachment: Price Request.img (contains "Price Request.exe")

NanoCore RAT C2:
u852121.nvpn.so:3410 (91.192.100.17)

Pointing to nVpn:

% Information related to '91.192.100.1 - 91.192.100.63'

% Abuse contact for '91.192.100.1 - 91.192.100.63' is 'abuse@libertas-international.eu'

inetnum: 91.192.100.1 - 91.192.100.63
netname: LIBERTAS_NETWORK
remarks: ----------------------------------------------
remarks: Libertas Network is a VPN service provider.
remarks: We have a strict non-logging policy, therefore
remarks: we don't record any logs on our servers.
remarks: ----------------------------------------------
country: CH
admin-c: LNAD1-RIPE
org: ORG-LNVS1-RIPE
tech-c: LNAD1-RIPE
status: ASSIGNED PA
mnt-by: MNT-DA327
created: 2019-12-12T08:51:11Z
last-modified: 2020-02-10T07:01:46Z
source: RIPE

Intelligence


Mail intelligence:
Trap location: Global
Impact: High

# of uploads: 1
# of downloads: 22
Origin country: US
ClamAV: Sanesecurity.Malware.27686.AidExe.UNOFFICIAL, SecuriteInfo.com.PSW.Agent.BORA.UNOFFICIAL
VirusTotal results: 15.00%

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
NanoCore
img 84cf4a54c73f11a9de1fc86441749a14b40f18d5e566aed30e027c0ba5bf0ae8 (this sample)

Dropping: NanoCore
Delivery method: Distributed via e-mail attachment
