MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4db9ed7a60390efa1e647a0a27ee6e9444f431c9987435ef23096f27e152013d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


NanoCore


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 4db9ed7a60390efa1e647a0a27ee6e9444f431c9987435ef23096f27e152013d
SHA3-384 hash: 86895aa3538e610da25168ae4cc7b7a8bfbadcab533c1975fc4faee8536c40844c560b4347e13b3e0cb8ef49135b5e1d
SHA1 hash: dfa5dfc7623537059a06ab9b3340d97f702f80ae
MD5 hash: 9f9f9c66392d7e18a28d7b42e1662632
humanhash: solar-echo-low-victor
File name:FILE.z
Download: download sample
Signature NanoCore
Create hunting rule
File size:937'462 bytes
First seen:2020-07-13 12:37:57 UTC
Last seen:Never
File type: z
MIME type:application/x-rar
ssdeep 24576:/bUGmJpl6GZN4JBFQl4hNvUvJchLOQPJctETjKZ1:/bUGApR8BS4hmxN2KEnC
TLSH 9315232C337518C54ACD94E41ABF8E30CFE76C94C34819ACB9BB7653CE522D985B44BA
Reporter abuse_ch
Tags:NanoCore RAT Yahoo z


Avatar
abuse_ch
Malspam distributing NanoCore:

HELO: sonic303-20.consmr.mail.ir2.yahoo.com
Sending IP: 77.238.178.201
From: abbass baradaran <abbass_1330@yahoo.com>
Reply-To: abbass baradaran <abbass_1330@yahoo.com>
Subject: RE: Specifications
Attachment: FILE.z (contains "FILE.exe")

NanoCore RAT C2:
johnsuccess18.ddns.net:52943 (154.118.75.121)
johnsuccess18.ddns.net:52943 (41.217.83.84)

Intelligence

File Origin
# of uploads :
1
# of downloads :
95
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/4db9ed7a60390efa1e647a0a27ee6e9444f431c9987435ef23096f27e152013d/
Threat name:
Win32.Trojan.NanoBot
Create hunting rule
Status:
Malicious
First seen:
2020-07-13 12:39:05 UTC
AV detection:
14 of 29 (48.28%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=jw4626tahehpuhtepifcp3tosrcpimojtb2dl3zdbfxspyksae6q._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

NanoCore

z 4db9ed7a60390efa1e647a0a27ee6e9444f431c9987435ef23096f27e152013d

(this sample)

NanoCore

Executable exe 7943dd3d1f4215ee40123ab13edc945dccd0ff9d3e9cddf372ff8ecbffe62635

  
Dropping
MD5 5b5369b2f6c3375da64a1ab886f50f9f
  
Dropping
NanoCore
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 7943dd3d1f4215ee40123ab13edc945dccd0ff9d3e9cddf372ff8ecbffe62635

Comments