MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3ff810efa7cabb7e4c91319244aa19d0460fad2b8500663441c7bff068014067. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



NanoCore


Vendor detections: 3



SHA256 hash: 3ff810efa7cabb7e4c91319244aa19d0460fad2b8500663441c7bff068014067
SHA3-384 hash: 762603dbe9dd19196698eb28289b21160120f484b5ae7ca58b7c189d8ff6c734c0483983ed23c55e7a98be839bbaf42c
SHA1 hash: c108a44c77162f4f485601f86dc859ee85687019
MD5 hash: fa37810aeacda1365a7e7c6c597eeb40
humanhash: mockingbird-happy-blue-may
File name: Document.iso
Signature: NanoCore
File size: 583'680 bytes
First seen: 2020-05-03 08:20:33 UTC
Last seen: Never
File type: iso
MIME type: application/x-iso9660-image
ssdeep: 6144:hhdugdM40i/kH1F8hAFTNepo5WEkeOHbqfOOXDpdR0BKI36Vtwm+MUUP4w7o:hruJo/kscTNVsbitTfuDbNC
TLSH: DDC4BF112997971AE2794B3095C8F37167EFBDA33502E32A24D8DF473B16F118A4339A
Reporter: abuse_ch
Tags: ARE geo iso MailChannels NanoCore RAT


abuse_ch
Malspam distributing NanoCore:

HELO: crocodile.birch.relay.mailchannels.net
Sending IP: 23.83.209.45
From: Dubai Police Force <invitation@dubaipolice.gov.ae>
Subject: Final Invitation From The Dubai Police Force
Attachment: Document.iso (contains "Document.exe")

NanoCore RAT C2:
172.111.188.199:8829

Intelligence


File Origin
# of uploads: 1
# of downloads: 80
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2020-05-04 03:35:48 UTC
File Type: Binary (Archive)
Extracted files: 16
AV detection: 18 of 31 (58.06%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

NanoCore

iso 3ff810efa7cabb7e4c91319244aa19d0460fad2b8500663441c7bff068014067

(this sample)

Dropping: NanoCore
Delivery method: Distributed via e-mail attachment
