MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ba62a4d2168c779f94d423e7c18adb811a4aed11d82efbd7f647a14035b92e03. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


NanoCore


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ba62a4d2168c779f94d423e7c18adb811a4aed11d82efbd7f647a14035b92e03
SHA3-384 hash: f1c5fc2b015ae263cf5874f8eacde7a0cb6b9da734a18e42c0c931cc77f778807c500a61cd1c8827c6653a11df58328d
SHA1 hash: 1dc2ead8914474dd93981238354c26bc84ec876b
MD5 hash: a40b2fa617bb3940c15b9da27d3e3796
humanhash: tennis-muppet-lamp-washington
File name:Quotation-20200614-0241.xz
Download: download sample
Signature NanoCore
Create hunting rule
File size:322'620 bytes
First seen:2020-06-15 13:37:21 UTC
Last seen:Never
File type: xz
MIME type:application/x-rar
ssdeep 6144:DHO+VcTL1dfUUiD3gucPPsSmyYp0R6O+tWpn9+QsOFZVWZfWs6Yiw:DHvcTL1d/iYkS1G0R6ENMQsOnVW1
TLSH 0664238BAAB25D2ECD5605A258FF6CC048A9519B96CC63962E52171F07F05F37DFB0C0
Reporter abuse_ch
Tags:NanoCore RAT xz


Avatar
abuse_ch
Malspam distributing NanoCore:

HELO: smtphy.263.net
Sending IP: 54.255.195.220
From: Lucy Lawson <feedback@hsgeneral.net>
Subject: Quotation-20200614-0241
Attachment: Quotation-20200614-0241.xz (contains "Quotation-20200614-024142914208136738390-43910160182012224297.exe")

NanoCore RAT C2:
185.19.85.150:54085


% Information related to '185.19.84.0 - 185.19.85.255'

% Abuse contact for '185.19.84.0 - 185.19.85.255' is 'abuse@datawire.ch'

inetnum: 185.19.84.0 - 185.19.85.255
netname: DATAWIRE-DATACENTERS
descr: CUSTOMERS ZG01
country: CH
admin-c: DA4314-RIPE
tech-c: DA4314-RIPE
status: ASSIGNED PA
mnt-by: DATAWIRE-NOC
created: 2013-09-23T14:18:55Z
last-modified: 2013-09-23T14:18:55Z
source: RIPE

Intelligence

File Origin
# of uploads :
1
# of downloads :
61
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Backdoor.NanoCore
Create hunting rule
Status:
Malicious
First seen:
2020-06-15 13:39:04 UTC
AV detection:
14 of 27 (51.85%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=xjrkjuqwrr3z7fguept4dcw3qenev3ir3axpxv7wi6quannzfybq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

NanoCore

xz ba62a4d2168c779f94d423e7c18adb811a4aed11d82efbd7f647a14035b92e03

(this sample)

NanoCore

Executable exe 7795d2106023220b5e106b1e05815e7818d66189c01d4bc927767008fccdc6d2

  
Dropping
MD5 866a81d430acbc8a4f59b6ff861add9c
  
Dropping
NanoCore
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 7795d2106023220b5e106b1e05815e7818d66189c01d4bc927767008fccdc6d2

Comments