MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1698e9960588c4ffdae6ccba9317c4073c1562b3e1a56676c485a8317d369b8a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Intelligence File information 2 Yara 5 Comments

SHA256 hash: 1698e9960588c4ffdae6ccba9317c4073c1562b3e1a56676c485a8317d369b8a
SHA1 hash: 616337d17b3f0a8771f0048b974d7fc6e4caf552
MD5 hash: 07e6f59b1a7aba649e47a92e176095bd
Download: download sample
Signature NanoCore
File size:449'536 bytes
First seen:2020-05-22 20:43:43 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744
ssdeep 12288:9FOt7HvEpqjpmqPhxv/NznpTFc5ELxICiZRjicT3Dq9gLh9R5b:bAcpqVNd
TLSH 0FA47CAC766076DFC85BC976CE982C64EA2074BB930BD203A01315ED9A0DA97CF155F3
Reporter @SecuriteInfoCom


Mail intelligence No data
# of uploads 1
# of downloads 23
Origin country US US
VirusTotal:Virustotal results 41.67%

Yara Signatures

Rule name:ach_NanoCore
Rule name:Nanocore
Author:JPCERT/CC Incident Response Group
Description:detect Nanocore in memory
Reference:internal research
Rule name:Nanocore_RAT_Feb18_1
Author:Florian Roth
Description:Detects Nanocore RAT
Reference:Internal Research - T2T
Rule name:Nanocore_RAT_Gen_2
Author:Florian Roth
Description:Detetcs the Nanocore RAT
Rule name:win_nanocore_w0
Author: Kevin Breen <>

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download


Executable exe 1698e9960588c4ffdae6ccba9317c4073c1562b3e1a56676c485a8317d369b8a

(this sample)

Delivery method
Distributed via web download