MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2d6eb54ddb0451fc966ca861fa3720124aa3c4a1d58e4f657611f263c52d1b82. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


NanoCore


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 2d6eb54ddb0451fc966ca861fa3720124aa3c4a1d58e4f657611f263c52d1b82
SHA3-384 hash: 113865d1dd8ecf7afcc79ee3452a235d3622a4c3e2195a95278d4c7305813e740c6e2c4cbf9a4150bde79c8679840698
SHA1 hash: 87a4d770e705b91ac556ff607f8ad2bd7d705663
MD5 hash: dffb2cc952a311980e2d312531bba7d5
humanhash: sixteen-social-yellow-may
File name:PO57891255564GYH11192643-2152021,pdf.iso
Download: download sample
Signature NanoCore
Create hunting rule
File size:890'880 bytes
First seen:2021-02-15 06:51:32 UTC
Last seen:Never
File type: iso
MIME type:application/x-iso9660-image
ssdeep 12288:FxcdRothbvp+S1YSDDCSplnjWgtUanpVkG7LR2ym:FycnbvNuYDtnjWokYR2y
TLSH 6A153962D191A614E4ED76B31730C52C3653BCDE7CB4A02429CA3A7BBE7B61143789E3
Reporter abuse_ch
Tags:iso NanoCore nVpn RAT


Avatar
abuse_ch
Malspam distributing NanoCore:

HELO: learsoft.com.ar
Sending IP: 190.210.215.185
From: PT.MATESU ABADI PURCHASING TEAM <sutrisno@matesu.co.id>
Subject: PURCHASE ORDER REQUEST-291177
Attachment: PO57891255564GYH11192643-2152021,pdf.iso (contains "PO57891255564GYH11192643-2152021,pdf.exe")

NanoCore RAT C2:
goddywin.freedynamicdns.net:1512

Intelligence

File Origin
# of uploads :
1
# of downloads :
125
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Foxhole.Iso_badexts72.UNOFFICIAL
Create hunting rule

SecuriteInfo.com.Trojan.Packed2.42845.UNOFFICIAL
Create hunting rule

Result
Verdict:
MALICIOUS
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/2d6eb54ddb0451fc966ca861fa3720124aa3c4a1d58e4f657611f263c52d1b82/
Threat name:
Win32.Trojan.Zmutzy
Create hunting rule
Status:
Malicious
First seen:
2021-02-15 06:52:10 UTC
AV detection:
9 of 46 (19.57%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=fvxlkto3ari7zftmvbq7unzacjfkhrfb2whe6zlwchzghrjndoba._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/2d6eb54ddb0451fc966ca861fa3720124aa3c4a1d58e4f657611f263c52d1b82

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

NanoCore

iso 2d6eb54ddb0451fc966ca861fa3720124aa3c4a1d58e4f657611f263c52d1b82

(this sample)

NanoCore

Executable exe f29b0b35d584de9410f3ffe75e8e4dbc6d90ecbc6f2c4d9382d8faf33e88d80b

  
Dropping
MD5 56b32528de65ce54153c0cb0c64e5511
  
Dropping
NanoCore
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 f29b0b35d584de9410f3ffe75e8e4dbc6d90ecbc6f2c4d9382d8faf33e88d80b

Comments