MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c91d163d1956328bc15bc44ab57f8f473f97937dea1360b696ebc23d5a30c1c5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


NanoCore


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: c91d163d1956328bc15bc44ab57f8f473f97937dea1360b696ebc23d5a30c1c5
SHA3-384 hash: 77cdc0101de3f9537ed1c136394b61f86e7e1d06dfc162fccfdd3ac2addbd08fbbebf803759c88a620dcf719863001d5
SHA1 hash: a856ed8364b4a807a12296be854289dddf785a8f
MD5 hash: 774d06d4ae1b55c173a8ca99fad177c6
humanhash: arkansas-black-jersey-vermont
File name:IePZajh9fm9DACV.iso
Download: download sample
Signature NanoCore
Create hunting rule
File size:432'128 bytes
First seen:2020-06-30 05:27:26 UTC
Last seen:Never
File type: iso
MIME type:application/x-iso9660-image
ssdeep 6144:U4u8Lx5ggJec3PZEemlbtPsuh2eOBlf1J9ZcDCVmUoWlIxfT9Tl:U4u8d5gKec/ZVmZVV2e2vCWVTHo
TLSH D494E018362D6837CEA805F64482654007F6A1A235A3F3D97DCDB0E827D7BDD1E12BA7
Reporter abuse_ch
Tags:iso NanoCore nVpn RAT


Avatar
abuse_ch
Malspam distributing NanoCore:

HELO: p3plwbeout14-06.prod.phx3.secureserver.net
Sending IP: 173.201.192.192
From: Gordon O'brien <Gordon.Obrien@g-obrien.co.uk>
Reply-To: Gordon O'brien <markhilton@blueyonder.co.uk>
Subject: L65190MH2004GOI148838
Attachment: IePZajh9fm9DACV.iso (contains "IePZajh9fm9DACV.exe")

NanoCore RAT C2:
u870797.nvpn.to:3119 (185.244.29.158)

Pointing to nVpn:

% Information related to '185.244.29.0 - 185.244.29.255'

% Abuse contact for '185.244.29.0 - 185.244.29.255' is 'abuse@gerber-edv.net'

inetnum: 185.244.29.0 - 185.244.29.255
netname: GERBER-NETWORK
descr: Wonsan, Kangwon-do
descr: Choson Minjujuui Inmin Konghwaguk
country: KP
admin-c: GN5022-RIPE
tech-c: GN5022-RIPE
org: ORG-GN148-RIPE
status: SUB-ALLOCATED PA
mnt-by: GERBER-MNT
created: 2018-01-31T19:41:57Z
last-modified: 2020-04-06T22:16:40Z
source: RIPE

Intelligence

File Origin
# of uploads :
1
# of downloads :
69
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.MSIL.Kryptik.VFR-1.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/c91d163d1956328bc15bc44ab57f8f473f97937dea1360b696ebc23d5a30c1c5/
Threat name:
ByteCode-MSIL.Trojan.Skeeyah
Create hunting rule
Status:
Malicious
First seen:
2020-06-30 05:29:04 UTC
AV detection:
14 of 29 (48.28%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=zeormpizkyzixqk3yrflk74pi47zpe355ijwbnuw5pbd2wrqyhcq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

NanoCore

iso c91d163d1956328bc15bc44ab57f8f473f97937dea1360b696ebc23d5a30c1c5

(this sample)

NanoCore

Executable exe 70a3e3040e47398629957e35100380def41b1ab5b4ac73e777051b6e85c60b19

  
Dropping
MD5 82c01db6ccaa1c602b77c59b3ed64d71
  
Dropping
NanoCore
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 70a3e3040e47398629957e35100380def41b1ab5b4ac73e777051b6e85c60b19

Comments