MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b12d23e2ebb552bcc7a40011b72895f11c30bac92f745c2598904200b48f6e75. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: b12d23e2ebb552bcc7a40011b72895f11c30bac92f745c2598904200b48f6e75
SHA3-384 hash: e2665dc1e979f3b126bef4f957aec57a2fb3adbd69b4dec22a750516c069b7819a6f71ebb4591d84e6b8aa2a7ee4bcf0
SHA1 hash: 8031d9a3e79f686116cc2f9e956c25a8e97c48d7
MD5 hash: 381cbcd693ad6fe9f3a59b88a26eee7a
humanhash: victor-michigan-louisiana-jig
File name: SotaiyoGroup-RFQ20200701.xz
Signature: NanoCore
File size: 302'309 bytes
First seen: 2020-06-30 13:13:09 UTC
Last seen: Never
File type: xz
MIME type: application/x-rar
ssdeep: 6144:tcljZkeevFFeRmo/zTDYemcqe3ypL4Tj0Qz0X7KnB:CZjWFepPDPmcB3oL4T2enB
TLSH: 365423B99B79D108C8C5B3C7A3C6A516236731B359DE84400BAF5BC969DCFD296200BE
Reporter: @abuse_ch
Tags: NanoCore nVpn Outlook RAT xz


Twitter (@abuse_ch):
Malspam distributing NanoCore:

HELO: NAM11-DM6-obe.outbound.protection.outlook.com
Sending IP: 40.92.19.32
From: susana_figueirinha@hotmail.com
Reply-To: vojtech.tydlacka@yandex.com
Subject: Early July Supply order request..
Attachment: SotaiyoGroup-RFQ20200701.xz (contains "7DcshRRKyE3bON7.exe")

NanoCore RAT C2:
nobiwideget.dvrdns.org:54001 (5.206.224.136)

Intelligence


Mail intelligence
Trap location: Global
Impact: Low
# of uploads: 1
# of downloads: 26
Origin country: US
ClamAV: No detection
CERT.PL MWDB Detection: n/a
Link: https://mwdb.cert.pl/sample/b12d23e2ebb552bcc7a40011b72895f11c30bac92f745c2598904200b48f6e75/
ReversingLabs: Status: Malicious
Threat name: ByteCode-MSIL.Trojan.Kryptik
First seen: 2020-06-30 13:15:05 UTC
AV detection: 15 of 31 (48.39%)
Threat level: 2/5
Spamhaus Hash Blocklist: Malicious file
VirusTotal: 6.56% (VirusTotal results)

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam: NanoCore

xz b12d23e2ebb552bcc7a40011b72895f11c30bac92f745c2598904200b48f6e75 (this sample)
Dropping: NanoCore

Delivery method: Distributed via e-mail attachment

Comments