MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 03d4fae76c9b9a345ee7edae36995fd31a8c6b813a5e98de41c4a391777f3e3d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



NanoCore


Vendor detections: 3



SHA256 hash: 03d4fae76c9b9a345ee7edae36995fd31a8c6b813a5e98de41c4a391777f3e3d
SHA3-384 hash: 27c6524aef8185410b67d36619374ac48cbbce6973cbd466a95daa3324341cc1c2c463a2f60540cf7c036126c60b6d21
SHA1 hash: 3f2ad264948bdd4592b7a538f56cbbc783877401
MD5 hash: 280a68920b11ba6e20e6156ad3a1d67e
humanhash: moon-tango-hot-romeo
File name: Products and specification_pdf.gz
Signature: NanoCore
File size: 465'503 bytes
First seen: 2020-10-12 05:49:42 UTC
Last seen: Never
File type: gz
MIME type: application/gzip
ssdeep: 6144:7K3HSMrmbHK1AykkeeCvqqgDluU24AO1M7y1cVNSbLkGHfp+/zEqpE73HQYi:eRUHkA59e0gDoVVxG44nkGHBsEqEi
TLSH: E2A4232C887EB584FD27005E4A5B35CF7FF71E990E576881CC89A83622E79C18A9D34D
Reporter: abuse_ch
Tags: gz NanoCore RAT


abuse_ch
Malspam distributing NanoCore:

HELO: server.devbox12.com
Sending IP: 162.249.2.44
From: Ahmed Kazeem <ahmedk@tarponenergy.com>
Reply-To: Ahmed Kazeem <ricknicolas.aol@hotmail.com>
Subject: Request for quote
Attachment: Products and specification_pdf.gz (contains "gunzipped")

NanoCore RAT C2:
23.105.131.170:20201

Intelligence


File Origin
# of uploads: 1
# of downloads: 91
Origin country: n/a
Vendor Threat Intelligence
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

NanoCore

gz 03d4fae76c9b9a345ee7edae36995fd31a8c6b813a5e98de41c4a391777f3e3d (this sample)

Dropping: NanoCore
Delivery method: Distributed via e-mail attachment
