MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4a03e19e4fc6c581ac1d2aac5a5767fc375b5013c21ffdd3de575fe70e229c09. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


NanoCore


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 4a03e19e4fc6c581ac1d2aac5a5767fc375b5013c21ffdd3de575fe70e229c09
SHA3-384 hash: fbed294f80e0acef2449df3f674d25f2b3db5cf7c4a4e40bbb3aa685bc2fb9caab6df2141ac64ce8eba54f060285bec0
SHA1 hash: 1cf452c0a796fd59540f8f13b0df7ed465426bd5
MD5 hash: 922fbdad8e0404f0e742a0064e430019
humanhash: xray-october-tennis-mexico
File name:bdo_bank_payment_slip.rar
Download: download sample
Signature NanoCore
Create hunting rule
File size:1'667'521 bytes
First seen:2020-10-26 14:34:14 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 49152:5k1HK/U7gQaUgz3+wP85WnInL7H/4rrCfBhR5PH0sN:Kq/U7tabzu8nOLr46XzPH0sN
TLSH 2875337B1ABF926BDF390B23108F65D9A52C0761357131AFE85099F06A39FF50B0AD06
Reporter abuse_ch
Tags:NanoCore rar RAT


Avatar
abuse_ch
Malspam distributing NanoCore:

HELO: usskm13.hostsila.org
Sending IP: 216.155.147.117
From: BDO <office@exotictour.az>
Reply-To: BDO <orozcobryan409@yahoo.com>
Subject: Bank deposit slip for your confirmation
Attachment: bdo_bank_payment_slip.rar (contains "paymentslip.exe")

NanoCore C2:
favor.testfood.ml:49617 (31.220.4.216)

Intelligence

File Origin
# of uploads :
1
# of downloads :
108
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/4a03e19e4fc6c581ac1d2aac5a5767fc375b5013c21ffdd3de575fe70e229c09/
Threat name:
ByteCode-MSIL.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2020-10-26 06:13:20 UTC
AV detection:
8 of 48 (16.67%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=jib6dhspy3cydla5fkwfuv3h7q3vwuatyip73u66k5p6odrctqeq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

NanoCore

rar 4a03e19e4fc6c581ac1d2aac5a5767fc375b5013c21ffdd3de575fe70e229c09

(this sample)

NanoCore

Executable exe 865ace0d8291b403d80bcf26ebbc0adc9b108879fc6df41ea82be1c2c54ad17c

  
Dropping
MD5 6a7501cd18460d0915d3c9c1b171652f
  
Dropping
NanoCore
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 865ace0d8291b403d80bcf26ebbc0adc9b108879fc6df41ea82be1c2c54ad17c

Comments