MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 084b504566d4e10e5cba9681ce59d360ec30f36bd297865cff15d64ec64924c1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


NanoCore


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 084b504566d4e10e5cba9681ce59d360ec30f36bd297865cff15d64ec64924c1
SHA3-384 hash: 22288c737f775f232b4d822c1f2b51b4acbf8070dcac511ea362a844176b18d310c3ed42645805a0867b3881e21347eb
SHA1 hash: 13df21163ad7d72c20a2f2afebce3db3076df348
MD5 hash: d674bc3090eb4eddef33b9b66ee7a074
humanhash: asparagus-stream-tennessee-blue
File name:msg_details_2207713999077713.zip
Download: download sample
Signature NanoCore
Create hunting rule
File size:326'007 bytes
First seen:2020-08-05 08:36:08 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 6144:A0io6gBRdzt4/qBfq3dupDRFGv/v/QVTTZQNFaJ3ubJS1+8xnEDDfoI:AE6g1vBS3dqjG2ZQNgJ3x1+8xnU3
TLSH CD6423C7490635934F8E52EE2609ACD70D0233F82D32A575549A489BBD30899DEFF9B2
Reporter abuse_ch
Tags:NanoCore RAT zip


Avatar
abuse_ch
Malspam distributing NanoCore:

HELO: serve0.nz-bd.co
Sending IP: 104.168.190.28
From: "EXPORT3 [SS GROUP]" <info@nz-bd.co>
Subject: Payment Details for Outstanding Invoices Settlement
Attachment: msg_details_2207713999077713.zip (contains "msg_details_2207713999077713.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
75
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/084b504566d4e10e5cba9681ce59d360ec30f36bd297865cff15d64ec64924c1/
Threat name:
ByteCode-MSIL.Trojan.SmartAssembly
Create hunting rule
Status:
Malicious
First seen:
2020-08-05 04:05:22 UTC
AV detection:
17 of 27 (62.96%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=bbfvarlg2tqq4xf2s2a44wotmdwdb43l2klymxh7cxle5rsjetaq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/084b504566d4e10e5cba9681ce59d360ec30f36bd297865cff15d64ec64924c1

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

NanoCore

zip 084b504566d4e10e5cba9681ce59d360ec30f36bd297865cff15d64ec64924c1

(this sample)

NanoCore

Executable exe 2b9703840cea3c427f1abf8ec784be06107fe7db48e1921c427b8a8a4254bda5

  
Dropping
MD5 57ead8efa0e2eb25ca4607647a610899
  
Dropping
NanoCore
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 2b9703840cea3c427f1abf8ec784be06107fe7db48e1921c427b8a8a4254bda5

Comments