MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 39d58ce393894682103ba155bc99549b2c45b6b68880db41115e909629583a67. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


NanoCore


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 39d58ce393894682103ba155bc99549b2c45b6b68880db41115e909629583a67
SHA3-384 hash: a6d768efac00c5d6cae5572465a70b81e7b97874d4ab974b0285304a4539e419ffbdb7312c0a07f1980edcb631bf6995
SHA1 hash: d1599650d8e92f0d81152ead25e186e0dd41a7c5
MD5 hash: edad1d5bc11d914e9c45dbc62b5bcf19
humanhash: high-double-xray-ink
File name:002348.zip
Download: download sample
Signature NanoCore
Create hunting rule
File size:504'126 bytes
First seen:2020-08-18 09:51:03 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 12288:GiK5obngEg/l+0fGW8JryQgucUtHgdiSRk7Sb+eh6D/L:Gikosh+0eUQgjYHg8SRF6Dz
TLSH 67B423B317D7752391539ABEF1584EA983824D49BCAA02FC7C316E3E32106219F7157B
Reporter abuse_ch
Tags:NanoCore RAT zip


Avatar
abuse_ch
Malspam distributing NanoCore:

HELO: yahoo.com
Sending IP: 37.49.230.46
From: '' Fabrício''<lglmp@yahoo.com>
Subject: RE:INQURING
Attachment: 002348.zip (contains "002348.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
106
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Adware.Slugin-6803969-0
Create hunting rule

PUA.Win.Adware.Slugin-6840354-0
Create hunting rule

SecuriteInfo.com.BScope.Trojan.Crypt.5088.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/39d58ce393894682103ba155bc99549b2c45b6b68880db41115e909629583a67/
Threat name:
Win32.Trojan.LokiBot
Create hunting rule
Status:
Malicious
First seen:
2020-08-18 09:52:06 UTC
AV detection:
21 of 48 (43.75%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=hhkyzy4trfdieeb3ufk3zgkutmwelnvwrcanwqirl2ijmkkyhjtq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

NanoCore

zip 39d58ce393894682103ba155bc99549b2c45b6b68880db41115e909629583a67

(this sample)

NanoCore

Executable exe 45fc7df1993a3984113d23e0e6a71580197840199de26c09546eff8a1bcc6bac

  
Dropping
MD5 574adaeaf87856495d564cdb935d40b7
  
Dropping
NanoCore
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 45fc7df1993a3984113d23e0e6a71580197840199de26c09546eff8a1bcc6bac

Comments