MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8676328d17ea63dd792ac05cb2ab2b156b3aa2823b3e907db921c35b35e8bdc5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



NanoCore


Vendor detections: 3



SHA256 hash: 8676328d17ea63dd792ac05cb2ab2b156b3aa2823b3e907db921c35b35e8bdc5
SHA3-384 hash: a36f3921a3fbf4dde455765785b348de380c884f4f15ac4fee037eeb5249f398a705ec96d2f294534eaca460e3873413
SHA1 hash: d9801cadc6c05acefeb0baf71eba19b241cdee4f
MD5 hash: fc536d0d6b261bd04ab26bdcc15df0b9
humanhash: aspen-uranus-network-orange
File name: ANNIE INTERNATIONAL INC ORDER_PDF.gz
Signature: NanoCore
File size: 320'407 bytes
First seen: 2020-05-12 08:12:23 UTC
Last seen: Never
File type: gz
MIME type: application/x-rar
ssdeep: 6144:oBOQtPtCF/eRbmzMYVcEYBe5b8sycXoCK5O/m5hjICMoyDJ41AgVr:o7gYbGVcjevRZjOEBoGuAqr
TLSH: 6F64237EB8199344E08EA74E11D859995A993E3930FED83347346CB17DA738E923D331
Reporter: abuse_ch
Tags: gz, NanoCore


abuse_ch
Malspam distributing NanoCore:

From: "Annie International, Inc" <juaek@anneiinc.com>
Subject: ANNIE INTERNATIONAL,INC PURCHASE ORDER
Attachment: ANNIE INTERNATIONAL INC ORDER_PDF.gz (contains "ANNIE INTERNATIONAL INC ORDER_PDF.exe")

NanoCore RAT C2:
194.5.98.8:4573

Hosted on nVpn:

% Information related to '194.5.98.0 - 194.5.98.255'

% Abuse contact for '194.5.98.0 - 194.5.98.255' is 'abuse@inter-cloud.tech'

inetnum: 194.5.98.0 - 194.5.98.255
netname: Privacy_Online
descr: Longyearbyen, Svalbard und Jan Mayen
country: SJ
admin-c: RA9926-RIPE
tech-c: RA9926-RIPE
org: ORG-NFAS6-RIPE
status: ASSIGNED PA
mnt-by: inter-cloud-mnt
created: 2019-04-26T16:42:54Z
last-modified: 2020-03-13T23:11:55Z
source: RIPE

Intelligence


File Origin
# of uploads: 1
# of downloads: 74
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2020-05-12 08:36:03 UTC
File Type: Binary (Archive)
Extracted files: 9
AV detection: 24 of 31 (77.42%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

NanoCore

gz 8676328d17ea63dd792ac05cb2ab2b156b3aa2823b3e907db921c35b35e8bdc5 (this sample)

Dropping: NanoCore
Delivery method: Distributed via e-mail attachment
