MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 05c449db00bb0f95187a0b785176c827560d8e978c25c9a3b1b83f5e064c8da2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


NanoCore


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 05c449db00bb0f95187a0b785176c827560d8e978c25c9a3b1b83f5e064c8da2
SHA3-384 hash: 67c3de7aa3847e5ab81c0b0369058d98817af07b22dfe7d630164d2ed8d84c499ec2766bc4c50fabba3c397021620eea
SHA1 hash: 112114ff722f7f0e99447a7c4447b2d2e92ff2d9
MD5 hash: 2c24b2c7fa72e6514ff9626c463d84f4
humanhash: king-tango-maine-august
File name:Proof of payment.rar
Download: download sample
Signature NanoCore
Create hunting rule
File size:30'552 bytes
First seen:2020-10-14 16:28:06 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 768:UlMfP1MYfuYvtS0zYOFguEQdzZbfbPcezp1kpzdM:7VXlS0nWutTce11kpzdM
TLSH A7D202123E0A2A0D0451C75CF6D6639DF3A388B0171C586EB2DADD1B3A4ED9886BC4AD
Reporter abuse_ch
Tags:NanoCore rar


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: ellyyyyyyyy.kozow.com
Sending IP: 104.168.152.142
From: Angel Luis <account@progate.top>
Subject: Proof of payment
Attachment: Proof of payment.rar (contains "Proof of payment.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
110
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/05c449db00bb0f95187a0b785176c827560d8e978c25c9a3b1b83f5e064c8da2/
Threat name:
ByteCode-MSIL.Backdoor.NanoBot
Create hunting rule
Status:
Malicious
First seen:
2020-10-14 13:28:50 UTC
AV detection:
5 of 48 (10.42%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=axcetwyaxmhzkgd2bn4fc5wie5la3duxrqs4ti5rxa7v4bsmrwra._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/05c449db00bb0f95187a0b785176c827560d8e978c25c9a3b1b83f5e064c8da2

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

NanoCore

rar 05c449db00bb0f95187a0b785176c827560d8e978c25c9a3b1b83f5e064c8da2

(this sample)

NanoCore

Executable exe 448d8312f6f75248834b2d1fc2ceb91aecb488c8f54a54f6c956b1caa7482d6b

  
Dropping
MD5 38b36ab8b9be0bb6e501f658969ae2f5
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 448d8312f6f75248834b2d1fc2ceb91aecb488c8f54a54f6c956b1caa7482d6b

Comments