MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c6092b1788722f82280d3dca79784556df6b8203f4d8f271c327582dd9dcf6e1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


NanoCore


Vendor detections: 7


Intelligence 7 IOCs 1 YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: c6092b1788722f82280d3dca79784556df6b8203f4d8f271c327582dd9dcf6e1
SHA3-384 hash: 6ac3f3a437dbef8aa8c26252defe9a6ae290685095f7711b14705d612a9c1f7b9295e1c39dbf14358e018dfa0b3809fd
SHA1 hash: 74c6a8a092c267399e87e91abb7be13df725b046
MD5 hash: 1033c6b6d28d44c062806cf7d594e6f2
humanhash: one-saturn-nevada-march
File name:CamScanner 08-28-2024 07.05.vbs
Download: download sample
Signature NanoCore
Create hunting rule
File size:2'373'280 bytes
First seen:2024-08-28 00:50:14 UTC
Last seen:Never
File type:Visual Basic Script (vbs) vbs
MIME type:text/plain
ssdeep 24576:bD/qEBZa71HU8t5t1brARP+rHHSjIPwSVs5fEEkhTb+jUTjs0oi6vXkkQW+pUFX8:vqyMTtMDjIYSi5MTCY3s0o2kQWCXKBo
TLSH T1E6B501A21E74ED8877946538BEBD3160E3E0DE7B6C3B96205253EB1E2B26D414720F71
Magika batch
Reporter abuse_ch
Tags:NanoCore RAT vbs


Avatar
abuse_ch
NanoCore C2:
198.23.197.108:7077

Indicators Of Compromise (IOCs)

Below is a list of indicators of compromise (IOCs) associated with this malware samples.

IOCThreatFox Reference
198.23.197.108:7077 https://threatfox.abuse.ch/ioc/1316698/

Intelligence

File Origin
# of uploads :
1
# of downloads :
207
Origin country :
NL NL
Vendor Threat Intelligence
Verdict:
Clean
Score:
89.1%
Link:
https://cyber-fortress.com/docs/result/index.php?id=66ce7478fe69a9e560499c09
Tags:
n/a
Verdict:
Malicious
Labled as:
VBS/Kryptik.LP trojan
Link:
https://www.hybrid-analysis.com/sample/c6092b1788722f82280d3dca79784556df6b8203f4d8f271c327582dd9dcf6e1
Result
Verdict:
MALICIOUS
Result
Threat name:
n/a
Detection:
malicious
Classification:
n/a
Score:
56 / 100
Link:
https://www.joesandbox.com/analysis/1500215
Signature
AI detected suspicious sample
Creates processes via WMI
Sigma detected: WScript or CScript Dropper
Windows Scripting host queries suspicious COM object (likely to drop second stage)
Behaviour
Behavior Graph:
Download SVG
Score:
80%
Verdict:
Malware
File Type:
SCRIPT
Link:
https://malprob.io/report/c6092b1788722f82280d3dca79784556df6b8203f4d8f271c327582dd9dcf6e1
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/c6092b1788722f82280d3dca79784556df6b8203f4d8f271c327582dd9dcf6e1/
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=yyeswf4ioixyekanhxfhs6cfk3pwxaqd6tmpe4ode5mc3wo463qq._file
Verdict:
unknown
Result
Malware family:
n/a
Score:
  10/10
Tags:
n/a
Link:
https://tria.ge/reports/240828-a7hb6ayemb/
Behaviour
Enumerates physical storage devices
Process spawned unexpected child process
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/c6092b1788722f82280d3dca79784556df6b8203f4d8f271c327582dd9dcf6e1

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments