MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 148b7d63da244a5d4d706c351a9b8708fcefa2ca2f25112208e3bc4c5f62d5c8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


NanoCore


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 148b7d63da244a5d4d706c351a9b8708fcefa2ca2f25112208e3bc4c5f62d5c8
SHA3-384 hash: f5da292d9f14699be5e9bb5e4c4e8a0d999e8f3466fac6daf9458685b00e33e5162e1b5cef87c2cf0cc0bc9bff03f41a
SHA1 hash: 14842a50e6a936d6c13a7d3df7974858b45972db
MD5 hash: 8fdde438ee2af31c32ba0634aaa4d477
humanhash: item-jig-fanta-eight
File name:PO 2763534615.rar
Download: download sample
Signature NanoCore
Create hunting rule
File size:341'559 bytes
First seen:2020-07-13 11:36:08 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 6144:5m9sUlp/a1+Mm7bkO2vKlpbfQ2j+msoMntacwXUtHss2/oMfDGWB:O9++HL2vKlpzQ2ChPn0cwXcvMfT
TLSH 2B74231785A9661EC833591319187D3FDBF82C0C5DF1AA7E08179C89FD9222DBB6B342
Reporter abuse_ch
Tags:NanoCore rar RAT


Avatar
abuse_ch
Malspam distributing NanoCore:

HELO: relay0.mail.tigron.net
Sending IP: 86.39.66.24
From: Ng, Eliza <pch.lokal@dpt.dharmap.com>
Reply-To: almaduhector@yahoo.com
Subject: New Order & 40% deposit;;
Attachment: PO 2763534615.rar (contains "PO 2763534615.exe")

NanoCore RAT C2:
flysky1400.ddns.net:3180 (118.151.221.106)

Intelligence

File Origin
# of uploads :
1
# of downloads :
97
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/148b7d63da244a5d4d706c351a9b8708fcefa2ca2f25112208e3bc4c5f62d5c8/
Threat name:
ByteCode-MSIL.Spyware.Noon
Create hunting rule
Status:
Malicious
First seen:
2020-07-13 11:38:06 UTC
AV detection:
15 of 29 (51.72%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=csfx2y62erff2tlqnq2rvg4hbd6o7iwkf4srciqi4o6eyx3c2xea._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

NanoCore

rar 148b7d63da244a5d4d706c351a9b8708fcefa2ca2f25112208e3bc4c5f62d5c8

(this sample)

NanoCore

Executable exe 93bf34f3e42fb55786de7c65c2aa7f8340194e12708170e7f9a0bf0c42c2a72f

  
Dropping
MD5 a14645df9ec875f21afb08fea742a1df
  
Dropping
NanoCore
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 93bf34f3e42fb55786de7c65c2aa7f8340194e12708170e7f9a0bf0c42c2a72f

Comments