MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1fdea74055251b83bb33e9bd25d0395b26028bea25382017c4132f5bda636cff. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


NanoCore


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 1fdea74055251b83bb33e9bd25d0395b26028bea25382017c4132f5bda636cff
SHA3-384 hash: 17b94d76f2508afd824495617f7a919b82c4c7a7b2b4145878afa7a98ec64981adbcb93679c581273f1bb05b5533aafe
SHA1 hash: 7539b27ba9767ba04764050c9a727fea295d6f02
MD5 hash: 38213469d41e775e233e43aa64953c4e
humanhash: solar-football-kansas-michigan
File name:PROOF OF PAYMENT.rar
Download: download sample
Signature NanoCore
Create hunting rule
File size:822'637 bytes
First seen:2020-11-06 07:15:09 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 12288:5WwlddXvXXvbU8temkn8fftKnRXCNiKFqMadIjL2wns/DQVrhn80at8JZ408hXy3:R1Zzkn6fIRXCNnqJqLOqha0ZVkEL
TLSH 2E053384108F2106167FEB6F6A92FE1DAD0C480AC91B0637FFC4EB1467965E4C716AF9
Reporter abuse_ch
Tags:NanoCore rar RAT


Avatar
abuse_ch
Malspam distributing NanoCore:

HELO: server1.localdomain
Sending IP: 218.15.154.174
From: ACCOUNT<sales@mweb.co.za>
Reply-To: <hjfanels@gmail.com>
Subject: PROOF OF PAYMENT
Attachment: PROOF OF PAYMENT.rar (contains "PROOF OF PAYMENT.exe")

NanoCore RAT C2:
amechi.duckdns.org

Intelligence

File Origin
# of uploads :
1
# of downloads :
83
Origin country :
n/a
Vendor Threat Intelligence
Result
Gathering data
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/1fdea74055251b83bb33e9bd25d0395b26028bea25382017c4132f5bda636cff/
Threat name:
ByteCode-MSIL.Backdoor.NanoBot
Create hunting rule
Status:
Malicious
First seen:
2020-11-05 13:21:35 UTC
AV detection:
20 of 48 (41.67%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=d7pkoqcveunyhozt5g6slubzlmtafc7keu4caf6ecmxvxwtdnt7q._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

NanoCore

rar 1fdea74055251b83bb33e9bd25d0395b26028bea25382017c4132f5bda636cff

(this sample)

NanoCore

Executable exe ae81fc6dabd568d1be564cb9e1aea3cab5653c7f57e1dae7c8399e76850643a7

  
Dropping
MD5 0b0ea3a89a3a2198958f0b38a6e24e0f
  
Dropping
NanoCore
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 ae81fc6dabd568d1be564cb9e1aea3cab5653c7f57e1dae7c8399e76850643a7

Comments