MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c841f830f823a87290afaa99960a2b6d5191131337bb769d0d5827514641ff43. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

NanoCore
Vendor detections: 3


SHA256 hash: c841f830f823a87290afaa99960a2b6d5191131337bb769d0d5827514641ff43
SHA3-384 hash: bc1bf715edade0c760a5bc7abb50fce61d1b071f2a02582a8b4f00db2a6192d64115e1fc80bdd660c8d6805b6929068a
SHA1 hash: 8b8c9477c86ddbdca38e5b09d5a22e6db9a8a914
MD5 hash: 2596d4833fbcd574bb32e5f3381919da
humanhash: equal-summer-oregon-neptune
File name: RFQ.arj
Signature: NanoCore
File size: 874,839 bytes
First seen: 2020-05-14 14:55:13 UTC
Last seen: Never
File type: arj
MIME type: application/x-rar
ssdeep: 12288:o3QSV4ucI+rk59TYZM177T+DkA04NzNPOpQ7AVWJ2dV0ol4+2rB3XPEmhK3k:o3SuyrgtYZOT+pzlOuAVCc4tJ8mhK0
TLSH: 7A15333D2D027C2FA6D0EEB313D46654C4E2221E3A5FD0BC23506D4B9E7A51D359AA3D
Reporter: abuse_ch
Tags: arj, NanoCore, nVpn, RAT


abuse_ch
Malspam distributing NanoCore:

HELO: sanyuktaguptea.pw
Sending IP: 173.82.232.171
From: Ina Hu <info@sanyuktaguptea.pw>
Reply-To: alauddiinns@gmail.com
Subject: Request For Quotation
Attachment: RFQ.arj (contains "RFQ.exe")

RemcosRAT C2:
185.244.29.132:1985

Hosted on nVpn:

% Information related to '185.244.29.0 - 185.244.29.255'

% Abuse contact for '185.244.29.0 - 185.244.29.255' is 'abuse@gerber-edv.net'

inetnum: 185.244.29.0 - 185.244.29.255
netname: GERBER-NETWORK
descr: Wonsan, Kangwon-do
descr: Choson Minjujuui Inmin Konghwaguk
country: KP
admin-c: GN5022-RIPE
tech-c: GN5022-RIPE
org: ORG-GN148-RIPE
status: SUB-ALLOCATED PA
mnt-by: GERBER-MNT
created: 2018-01-31T19:41:57Z
last-modified: 2020-04-06T22:16:40Z
source: RIPE
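The comment above gives the delivery chain (an RFQ.arj attachment wrapping RFQ.exe), and the entry lists the file type as arj while the MIME sniffer reported application/x-rar, so the container is best identified from its own header bytes rather than from its extension or MIME label. The Python below is an added example, not MalwareBazaar or abuse.ch code: it walks the ARJ header chain (the 60 EA header id, the basic header with its CRC-32, the extended-header list, then the stored data), lists the entries, flags executables by name and by MZ magic, and computes the four digests the entry lists. The archive it parses is constructed inside the script as a stand-in for RFQ.arj (one stored entry named RFQ.exe holding a fake MZ stub); the real sample is not embedded. The field layout follows the published ARJ technical specification, and the executable-suffix list is an assumption of the example.

```python
"""Triage an ARJ e-mail attachment: walk the header chain, list the files it
carries, flag embedded executables, and hash the container.

Added example for this MalwareBazaar entry, not MalwareBazaar or abuse.ch code.
build_sample_archive() is a constructed stand-in for RFQ.arj, not the sample.
"""
import hashlib
import struct
import zlib

ARJ_MAGIC = b"\x60\xEA"   # header id that opens every ARJ header
MAIN_HEADER = 2           # file_type of the archive (main) header: no data follows it
# assumed list of extensions worth detonating; extend to taste
EXEC_SUFFIXES = (".exe", ".scr", ".com", ".pif", ".dll", ".cpl", ".bat", ".cmd", ".js", ".vbs")


def fingerprint(data: bytes) -> dict:
    """The four digests a MalwareBazaar entry lists for a sample."""
    return {"sha256": hashlib.sha256(data).hexdigest(),
            "sha3_384": hashlib.sha3_384(data).hexdigest(),
            "sha1": hashlib.sha1(data).hexdigest(),
            "md5": hashlib.md5(data).hexdigest()}


def parse_arj(data: bytes) -> list:
    """Return one dict per file entry (name, method, sizes, first two data bytes).

    Each header: id 60 EA, u16 basic-header size (0 = end of archive), basic
    header, u32 CRC-32 of it, then extended headers (u16 size, body, u32 CRC)
    until a size of 0.  File entries are followed by comp_size bytes of data;
    the main header is not.  Raises ValueError on bad magic, truncation or CRC
    mismatch rather than guessing, since a tampered header is itself a finding.
    """
    if data[:2] != ARJ_MAGIC:
        raise ValueError("not an ARJ archive: header id 60 EA missing")
    entries, pos = [], 0
    while True:
        hdr_start = pos
        if len(data) - pos < 4:
            raise ValueError("truncated: no end-of-archive marker at offset %d" % pos)
        if data[pos:pos + 2] != ARJ_MAGIC:
            raise ValueError("bad header id at offset %d" % pos)
        (hdr_size,) = struct.unpack_from("<H", data, pos + 2)
        pos += 4
        if hdr_size == 0:
            return entries                         # end-of-archive marker
        if pos + hdr_size + 4 > len(data):
            raise ValueError("truncated header at offset %d" % hdr_start)
        hdr = data[pos:pos + hdr_size]
        (stored_crc,) = struct.unpack_from("<I", data, pos + hdr_size)
        if zlib.crc32(hdr) != stored_crc:          # ARJ header CRC is plain CRC-32
            raise ValueError("header CRC mismatch at offset %d" % hdr_start)
        pos += hdr_size + 4
        first_hdr_size = hdr[0]                    # fixed part; filename starts right after it
        if first_hdr_size < 30 or first_hdr_size >= hdr_size:
            raise ValueError("bad first_hdr_size at offset %d" % hdr_start)
        method, file_type = hdr[5], hdr[6]
        comp_size, orig_size = struct.unpack_from("<II", hdr, 12)
        name = hdr[first_hdr_size:hdr.index(b"\x00", first_hdr_size)].decode("latin-1")
        while True:                                # extended headers, size 0 terminates
            if pos + 2 > len(data):
                raise ValueError("truncated extended header for %s" % name)
            (ext_size,) = struct.unpack_from("<H", data, pos)
            pos += 2
            if ext_size == 0:
                break
            pos += ext_size + 4
        if file_type == MAIN_HEADER:
            continue                               # archive/comment header carries no data
        if pos + comp_size > len(data):
            raise ValueError("truncated data for %s" % name)
        entries.append({"name": name, "method": method, "comp_size": comp_size,
                        "orig_size": orig_size, "head": data[pos:pos + 2]})
        pos += comp_size


def flag_executables(entries: list) -> list:
    """Names worth detonating: executable suffix, or MZ magic visible in stored data."""
    flagged = []
    for e in entries:
        by_name = e["name"].lower().endswith(EXEC_SUFFIXES)
        by_magic = e["method"] == 0 and e["head"] == b"MZ"   # method 0 = stored, so bytes are plaintext
        if by_name or by_magic:
            flagged.append(e["name"])
    return flagged


def _header(file_type: int, method: int, payload: bytes, name: str) -> bytes:
    """One complete ARJ header: id, size, 30-byte fixed part, name, comment, CRC, empty ext list."""
    basic = struct.pack("<8BIIIIHHH", 30, 11, 1, 0, 0, method, file_type, 0,
                        0, len(payload), len(payload), zlib.crc32(payload), 0, 0x20, 0)
    basic += name.encode("latin-1") + b"\x00" + b"\x00"
    return (ARJ_MAGIC + struct.pack("<H", len(basic)) + basic
            + struct.pack("<I", zlib.crc32(basic)) + b"\x00\x00")


def build_sample_archive() -> bytes:
    """Constructed stand-in for RFQ.arj: one stored (method 0) entry, RFQ.exe, with a fake MZ stub."""
    exe = b"MZ" + b"\x90" * 62 + b"This program cannot be run in DOS mode."
    return (_header(MAIN_HEADER, 0, b"", "RFQ.arj")
            + _header(0, 0, exe, "RFQ.exe") + exe
            + ARJ_MAGIC + b"\x00\x00")             # end-of-archive marker


if __name__ == "__main__":
    arc = build_sample_archive()
    for k, v in fingerprint(arc).items():
        print("%-8s %s" % (k, v))
    found = parse_arj(arc)
    for e in found:
        print("%-10s method=%d stored=%d original=%d head=%r"
              % (e["name"], e["method"], e["comp_size"], e["orig_size"], e["head"]))
    print("executables:", flag_executables(found))
```

To triage a real attachment, read the file and pass its bytes to parse_arj and flag_executables; entries compressed with methods 1 to 4 are flagged by suffix only, because the MZ check needs the stored plaintext. A CRC mismatch or truncation is raised instead of skipped on purpose: an attachment that a permissive extractor still unpacks but a strict parser rejects is exactly the kind of evasion worth recording.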

Intelligence


File Origin
# of uploads: 1
# of downloads: 77
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-14 15:35:39 UTC
File type: Binary (Archive)
Extracted files: 27
AV detection: 16 of 31 (51.61%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam -> arj c841f830f823a87290afaa99960a2b6d5191131337bb769d0d5827514641ff43 (this sample, NanoCore) -> Dropping: NanoCore

Delivery method: Distributed via e-mail attachment
