MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d1ac193860cf4acea702ffa38bde6c1742b2e37d0f78eb591ff4d44a10a6fba1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



NanoCore


Vendor detections: 3



SHA256 hash: d1ac193860cf4acea702ffa38bde6c1742b2e37d0f78eb591ff4d44a10a6fba1
SHA3-384 hash: a84ea1b30367a028db45450e5e34d3872b4cc38ccc9932f0ebc61a79644a474633c788bba782d814ddd5a9e7a435c1d9
SHA1 hash: 8faf69cffeae21518a04ab63d26a7977a2a428ef
MD5 hash: 4fbafa5149664b5c1dc5af1b15df5469
humanhash: lemon-sweet-papa-network
File name: Document.z
Signature: NanoCore
File size: 961'021 bytes
First seen: 2020-08-06 05:35:23 UTC
Last seen: Never
File type: z
MIME type: application/x-rar
ssdeep: 24576:nbUGmJplnRmX2eKmBEMKNx3uGmLrzWkPkIm826D0b1xij8:nbUGApPmX2YaMix4LrVcImaKuj8
TLSH: A415236D0424F4F28F27563D0673396C5AE78B6AC785ECD1D0F5B8812E9A76023BCC66
Reporter: abuse_ch
Tags: NanoCore RAT z


abuse_ch
Malspam distributing NanoCore:

HELO: mailer-0104.inet.vn
Sending IP: 103.57.223.50
From: huong.tranthu2@sbv.gov.vn <huong.tranthu2@mhfoods.vn>
Subject: Re: Bank Transfer Notification
Attachment: Document.z (contains "Document.exe")

NanoCore RAT C2:
johnsuccess18.ddns.net:52943

Intelligence


File Origin
# of uploads: 1
# of downloads: 84
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Backdoor.NanoCore
Status: Malicious
First seen: 2020-08-06 05:37:04 UTC
AV detection: 15 of 48 (31.25%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

NanoCore

z d1ac193860cf4acea702ffa38bde6c1742b2e37d0f78eb591ff4d44a10a6fba1 (this sample)

Dropping: NanoCore
Delivery method: Distributed via e-mail attachment
