MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1b128a16e503de0cf68ef58d0a83c9c7d2423aecc1c86c85368fe325a2ad3291. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


NanoCore


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 1b128a16e503de0cf68ef58d0a83c9c7d2423aecc1c86c85368fe325a2ad3291
SHA3-384 hash: 23aa381a3710b7f9d7f03a62d78505308be1f3c830cea7bf62f109a50a85dd838064b0f173f15cf7646eed7e99a21dc1
SHA1 hash: 8228a48bc5512b6bb954669c073d2b8fb2a17f15
MD5 hash: 5c610f6c51c610a8d8e9efed3e111a44
humanhash: october-may-oranges-stairway
File name:Tax Return Redemption.001
Download: download sample
Signature NanoCore
Create hunting rule
File size:769'094 bytes
First seen:2020-11-06 07:01:59 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 12288:Wn+nd3Qi36oRgxdsIM79E1vrPkcdiYj8P894iDVXpF49O/hOaJd7izlFu:UGdAiq3npt1vrPkcEYj8g1n49O/l5izq
TLSH 9AF4334DD0C7C8868BBA4A31F0219519E1748A26F76571D365C3AA4FB88DCCB5C2CFE9
Reporter abuse_ch
Tags:001 NanoCore RAT


Avatar
abuse_ch
Malspam distributing NanoCore:

HELO: slot0.ndmpef.tk
Sending IP: 192.236.193.72
From: Sars.eFiling audit<ref.tax@efill.tm.za>
Reply-To: <eurosales@yandex.com>
Subject: Posted funds notification
Attachment: Tax Return Redemption.001 (contains "Tax Return Redemption.scr")

Intelligence

File Origin
# of uploads :
1
# of downloads :
84
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/1b128a16e503de0cf68ef58d0a83c9c7d2423aecc1c86c85368fe325a2ad3291/
Threat name:
ByteCode-MSIL.Backdoor.NanoBot
Create hunting rule
Status:
Malicious
First seen:
2020-11-05 21:14:15 UTC
AV detection:
17 of 48 (35.42%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=dmjiufxfappaz5uo6wgqva6jy7jeeoxmyhegzbjwr7rslivngkiq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

NanoCore

rar 1b128a16e503de0cf68ef58d0a83c9c7d2423aecc1c86c85368fe325a2ad3291

(this sample)

NanoCore

Executable exe 2148870829f994731f3632eb45d059478632774949cab953b542b661d3f81de8

  
Dropping
MD5 eceede5b38486406367ee26074c70d89
  
Dropping
NanoCore
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 2148870829f994731f3632eb45d059478632774949cab953b542b661d3f81de8

Comments