MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f7f4ed0ec1a7ec820f7c441846f640614ae8385b1c6141eadde07335d544e43a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



NanoCore


Vendor detections: 3



SHA256 hash: f7f4ed0ec1a7ec820f7c441846f640614ae8385b1c6141eadde07335d544e43a
SHA3-384 hash: 9637a6358270855d5edfb76c1ff70739b85357a232c4a412cc29c28e86da8f4b1a3c3e8c7c37eb203ad21de8c48def0f
SHA1 hash: aa359f3f567a47118e82143d511e854f6bba1bfb
MD5 hash: 512db35dee7e34f7c2cbe5dce3310108
humanhash: uranus-sad-blossom-don
File name: Quotation.rar
Signature: NanoCore
File size: 475'739 bytes
First seen: 2020-05-04 18:34:24 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 12288:IBMHyD6FnCXw7XTuHmkWIcI6sjk6zHTLrKVi1+yCc9gasmWiV:IOr+AuHmvICMLr7ilasmWiV
TLSH: E9A423843393134D8D56FE3681DEE4874287340202FE957B0DA5F32BA6FBD05AA216C7
Reporter: abuse_ch
Tags: NanoCore rar RAT


abuse_ch
Malspam distributing NanoCore:

HELO: korea.com
Sending IP: 119.205.212.104
From: 신흥테크 <shinhung1@korea.com>
Subject: Quotations
Attachment: Quotation.rar (contains "Quotation.exe")

RemcosRAT C2:
dikaa.ddns.net:1970 (105.112.99.164)

Intelligence


File Origin
# of uploads: 1
# of downloads: 84
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2020-05-05 04:03:28 UTC
File Type: Binary (Archive)
Extracted files: 2
AV detection: 17 of 48 (35.42%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

NanoCore

rar f7f4ed0ec1a7ec820f7c441846f640614ae8385b1c6141eadde07335d544e43a (this sample)

  
Dropping: NanoCore
Delivery method: Distributed via e-mail attachment
