MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 df4b6e0ed32d4879c68bb3b7c7ec5c401d6645b7082a05ff3e4cbc9d3b5ae052. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: df4b6e0ed32d4879c68bb3b7c7ec5c401d6645b7082a05ff3e4cbc9d3b5ae052
SHA3-384 hash: 0ad57ed1fe8dd3a1dd1b249aadf21a4c629d01cd3c7617698b5ac2c5c5ea51bfe8e3835637e93f1ea6b5fb510a84ab89
SHA1 hash: 93e7e3f1727991c4900af1e078c8832ea1d7dd27
MD5 hash: 8614a6c14b396083dc739b51f167d9fc
humanhash: eight-low-fruit-magnesium
File name: Update on Stamp Duty Charges on Paga.pdf.zip
Signature: NanoCore
File size: 292'173 bytes
First seen: 2020-06-30 13:20:28 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 6144:eH6VfGryaFI55X8tgGV2F5QRnPTevp90aLK7eAXKS8HUJeq4dH9Hfa5XnS3vPG4x:eH6VfGuai58OGV2wJTciwjAXZ8HUJoHX
TLSH: DF54237E802634A9DB980ABC28BED4C6EDDCB0FE2717793859C7FA4F1A200C5294DD55
Reporter: @abuse_ch
Tags: NanoCore RAT zip


Twitter
@abuse_ch
Malspam distributing NanoCore:

HELO: vps11112.inmotionhosting.com
Sending IP: 192.145.237.232
From: Paga comms <no-reply@mypaga.com>
Reply-To: Paga <PAGAA@mail.com>
Subject: Update on Stamp Duty Charges on paga
Attachment: Update on Stamp Duty Charges on Paga.pdf.zip (contains "Update on Stamp Duty Charges on Paga.pdf.scr")

NanoCore RAT C2:
grace532.sytes.net:1919

Intelligence


Mail intelligence
  Trap location: Global
  Impact: Low
# of uploads: 1
# of downloads: 32
Origin country: FR
ClamAV: SecuriteInfo.com.MSIL.GenKryptik.ENIA.32641.UNOFFICIAL
CERT.PL MWDB:
  Detection: n/a
  Link: https://mwdb.cert.pl/sample/df4b6e0ed32d4879c68bb3b7c7ec5c401d6645b7082a05ff3e4cbc9d3b5ae052/
ReversingLabs:
  Status: Malicious
  Threat name: ByteCode-MSIL.Trojan.Genkryptik
  First seen: 2020-06-30 13:22:05 UTC
  AV detection: 26 of 48 (54.17%)
  Threat level: 2/5
Spamhaus Hash Blocklist: Malicious file
VirusTotal: No data

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

NanoCore

zip df4b6e0ed32d4879c68bb3b7c7ec5c401d6645b7082a05ff3e4cbc9d3b5ae052 (this sample)

Dropping: NanoCore
Delivery method: Distributed via e-mail attachment
