MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0e7f19a27095bc0e76ecb0d4a12a5cd20b0a9a0d3f512372033581aebadeecc8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



NanoCore


Vendor detections: 3



SHA256 hash: 0e7f19a27095bc0e76ecb0d4a12a5cd20b0a9a0d3f512372033581aebadeecc8
SHA3-384 hash: 0821fd824e9c3c3dc25b846e5b111caa519d8658fbfa35b2d03fb2bf00f51abb4ad41d9225904bb217b3fbfac70adec8
SHA1 hash: 30eace987aec4a20ccdf232b5d5179d9a76d6058
MD5 hash: e64be629abb1671c94c4ee307fd067a9
humanhash: nitrogen-xray-oven-happy
File name: DRAFT-COPY00697BIL-LADING97INEW.rar
Signature: NanoCore
File size: 273'268 bytes
First seen: 2020-10-21 08:07:52 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 6144:e8n5c9pyNGS9cSrnZr/Cn7/If1co9zZKuPD2/0JY/TFsy:eqc9ch9cSrnZ07/Ifu2PPD2Giqy
TLSH: 924413CA5C82B4E04D519B66CCDDD8C70B6E66DF405EA86BCAC3CC097C5836EE85E324
Reporter: abuse_ch
Tags: Maersk NanoCore rar RAT


abuse_ch
Malspam distributing NanoCore:

HELO: mail.h-email.net
Sending IP: 5.206.224.208
From: MAERSK LINE <info@cnexac.tk>
Subject: URGENT TELEX RELEASE - RE Shipment Bill of lading 20170000112
Attachment: DRAFT-COPY00697BIL-LADING97INEW.rar (contains "DRAFT-COPY00697BIL-LADING97INEW.exe")

NanoCore RAT C2s:
equity2020money.duckdns.org:62103 (156.96.118.168)
togba.duckdns.org:62103 (156.96.118.168)

Intelligence


File Origin
# of uploads: 1
# of downloads: 96
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.NanoBot
Status: Malicious
First seen: 2020-10-20 19:46:52 UTC
AV detection: 17 of 29 (58.62%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

NanoCore

rar 0e7f19a27095bc0e76ecb0d4a12a5cd20b0a9a0d3f512372033581aebadeecc8

(this sample)

  
Dropping: NanoCore
Delivery method: Distributed via e-mail attachment
