MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 08a8c5d537c17009816e739131cc09bf6c5532c1f07d0f629e2f7a86441ff2a8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



NanoCore


Vendor detections: 4



SHA256 hash: 08a8c5d537c17009816e739131cc09bf6c5532c1f07d0f629e2f7a86441ff2a8
SHA3-384 hash: 4a589b5cad71081a65e7c0924d689fa846d45f3504e31e880b018576242e0c751d27306f98327602040b575a186b400d
SHA1 hash: 1d6ee22fb4615008a790ba789692709200a9bb5d
MD5 hash: 025d114362d4f4bb890f3e4026889204
humanhash: enemy-fish-colorado-four
File name: invoice.img
Signature: NanoCore
File size: 2'228'224 bytes
First seen: 2020-10-20 07:20:14 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 24576:93BpznskrNaCET6B16MFUr4Z/OdShkwIvymd5qi0orATZgLcMd90nNn+BW5ZG3vG:93L9ETayzvXAsbQP
TLSH: 8EA5A29C7650B6DFC85BCE728AA81C64EA6074BA830FD203A01715EDDA4DA97CF145F3
Reporter: abuse_ch
Tags: img NanoCore RAT UPS


abuse_ch
Malspam distributing NanoCore:

HELO: mail01.lsn.net
Sending IP: 66.90.130.120
From: UPS Express <andrew.driscoll@grandecom.net>
Subject: Order Confirmation
Attachment: invoice.img (contains "invoice.exe")

NanoCore RAT C2:
blitzwar45.duckdns.org:2233 (155.138.225.76)

Intelligence


File Origin
# of uploads: 1
# of downloads: 94
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Taskun
Status: Malicious
First seen: 2020-10-19 23:22:39 UTC
AV detection: 13 of 48 (27.08%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

NanoCore

img 08a8c5d537c17009816e739131cc09bf6c5532c1f07d0f629e2f7a86441ff2a8 (this sample)

Dropping: NanoCore
Delivery method: Distributed via e-mail attachment
