MSIL/Noancooe (alias Nanocore)

Forum for analysis and discussion about malware.
Post Reply
ikolor
Posts: 327
Joined: Thu Jun 05, 2014 2:20 pm
Location: Poland

Re: Malware collection

Post by ikolor » Thu Jul 07, 2016 6:10 pm

next...

Thanks for analysis

https://www.virustotal.com/en/file/ccd3 ... 467914818/
########################################
This type of file from my browser is classified as malware .?
########################################

https://www.virustotal.com/en/file/36ef ... 467915557/

https://www.virustotal.com/en/file/b550 ... 467915450/
You do not have the required permissions to view the files attached to this post.

ikolor
Posts: 327
Joined: Thu Jun 05, 2014 2:20 pm
Location: Poland

Re: Malware collection

Post by ikolor » Fri Jul 08, 2016 5:36 am

You do not have the required permissions to view the files attached to this post.
Last edited by EP_X0FF on Tue Oct 18, 2016 8:33 am, edited 1 time in total.
Reason: software bundler trash removed

ikolor
Posts: 327
Joined: Thu Jun 05, 2014 2:20 pm
Location: Poland

MSIL/Noancooe (alias Nanocore)

Post by ikolor » Tue Jul 26, 2016 6:59 pm

You do not have the required permissions to view the files attached to this post.

User avatar
xors
Posts: 163
Joined: Mon May 23, 2016 2:01 am

Re: Malware collection

Post by xors » Tue Jul 26, 2016 9:02 pm

Nanocore contacts to frankief.hopto.me
@xorsthingsv2

User avatar
EP_X0FF
Global Moderator
Posts: 4883
Joined: Sun Mar 07, 2010 5:35 am
Location: Russian Federation
Contact:

Re: Malware collection

Post by EP_X0FF » Tue Oct 18, 2016 8:33 am

a1634.exe software bundler, trash, removed.
janavb.exe - MSIL/Noancooe (NanoCore)
janawin.exe - MSIL/Noancooe (NanoCore)
kazycrp.exe - MSIL/Noancooe (NanoCore)
cs.exe - MSIL/Silog (PWS)
NEI 13 10 Cyber__6629_i1929647758_il289940_26.exe - software bundler Mizenota

Posts moved.
Ring0 - the source of inspiration

User avatar
EP_X0FF
Global Moderator
Posts: 4883
Joined: Sun Mar 07, 2010 5:35 am
Location: Russian Federation
Contact:

Re: Malware collection

Post by EP_X0FF » Tue Oct 18, 2016 8:52 am

ikolor wrote:next...

Thanks for analysis

https://www.virustotal.com/en/file/ccd3 ... 467914818/
########################################
This type of file from my browser is classified as malware .?
########################################

https://www.virustotal.com/en/file/36ef ... 467915557/

https://www.virustotal.com/en/file/b550 ... 467915450/
310F23E7D850B1891FCE1B8A0DDDF1E63216EE50 - Ransomware
email.exe - MSIL/Silog (PWS)
updater.exe - MSIL/Noancooe

Posts moved.
Ring0 - the source of inspiration

hackr8
Posts: 25
Joined: Fri Dec 21, 2018 1:50 pm
Contact:

UDS.DangerousObject.Multi.Generic (Nanocore RAT)

Post by hackr8 » Thu Mar 07, 2019 2:49 pm

I found this on dropbox. It's made with VB6 [signature:Microsoft Visual Basic v5.0]
Please note that I was the first person to upload the file to Virustotal so the report might change soon.
Virustotal: https://www.virustotal.com/#/file/dab62 ... /detection
You do not have the required permissions to view the files attached to this post.
Last edited by hackr8 on Thu Mar 07, 2019 5:51 pm, edited 1 time in total.
My forum: hackrhouse.freeforums.net

Antelox
Posts: 264
Joined: Sun Mar 21, 2010 10:38 pm
Contact:

Re: UDS.DangerousObject.Multi.Generic (Dropbox)

Post by Antelox » Thu Mar 07, 2019 5:43 pm

This is NanoCore RAT.

C2:

Code: Select all

185.162.88.27:8778
BR,

Antelox

Post Reply