MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2a78beede29a3b3f3f9c136144994676370363139c9ec1895c896741cc85e23c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


NanoCore


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 2a78beede29a3b3f3f9c136144994676370363139c9ec1895c896741cc85e23c
SHA3-384 hash: b360840ad2e95bad80138338cc00fd2084de1421fcd02dfe670532686306d14f4b3dc0602a3ca3dd4bba9fa5ed5e4bb2
SHA1 hash: 606d662b99c0d3cd0c030a1bcbe90619f96a0179
MD5 hash: 443dc87427094e241fb918bb14b23362
humanhash: louisiana-eighteen-autumn-indigo
File name:PAYMENT COPY.PDF.z
Download: download sample
Signature NanoCore
Create hunting rule
File size:317'977 bytes
First seen:2021-02-23 06:57:34 UTC
Last seen:Never
File type: z
MIME type:application/x-rar
ssdeep 6144:EFTknyEsjy5MB3n+cNpO3U0LGaSeAgjo/sVx9q8uiwnK9mir7D9Ep6fB7vCjx:pndsO5MB3n+cNsqa/Hk8uiwnIhZx+
TLSH B2642311B6D5B9DA5CE9D360C14A01DED2CF02F4F669367EBE0FC481C8B5193B8984AB
Reporter abuse_ch
Tags:NanoCore RAT SCB z


Avatar
abuse_ch
Malspam distributing NanoCore:

HELO: rdns0.12thcoolperty.ga
Sending IP: 217.25.88.221
From: STANDARD CHARTERED BANK <info@12thcoolperty.ga>
Subject: STANDARD CHARTERED BANK FOUND TRANSFER 05/09/2018
Attachment: PAYMENT COPY.PDF.z (contains "PAYMENT COPY.exe")

NanoCore RAT C2:
chinomso.duckdns.org:7688

Intelligence

File Origin
# of uploads :
1
# of downloads :
77
Origin country :
n/a
Vendor Threat Intelligence
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/2a78beede29a3b3f3f9c136144994676370363139c9ec1895c896741cc85e23c/
Threat name:
Win32.Backdoor.Androm
Create hunting rule
Status:
Malicious
First seen:
2021-02-23 06:58:09 UTC
AV detection:
13 of 47 (27.66%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=fj4l53pcti5t6p44cnqujgkgoy3qgyyttspmdck4rftudtef4i6a._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/2a78beede29a3b3f3f9c136144994676370363139c9ec1895c896741cc85e23c

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

NanoCore

z 2a78beede29a3b3f3f9c136144994676370363139c9ec1895c896741cc85e23c

(this sample)

NanoCore

Executable exe b082aa828dd2eb42d6e1de8ccd8573ac3096ceee92ad26449fc1df6e490ff4ed

  
Dropping
MD5 53e8c460446fe305dfc2159961aa6234
  
Dropping
NanoCore
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 b082aa828dd2eb42d6e1de8ccd8573ac3096ceee92ad26449fc1df6e490ff4ed

Comments