MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 589988a0edb2b96a31eadfeb9a0a3f2d81e22be0432ba36ef6bbace281425c31. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



NanoCore


Vendor detections: 3



SHA256 hash: 589988a0edb2b96a31eadfeb9a0a3f2d81e22be0432ba36ef6bbace281425c31
SHA3-384 hash: eef0867bda3ccaacea8c6ebae281d30f2df1dc67f063ad91e1acc8efaf9446cc351a7c9bbe523abf08e1392c84bb0300
SHA1 hash: 24d67faa4096b47f6cdb748d7871be9ba846271a
MD5 hash: a46ad58a55b35a8271f2ce939977a790
humanhash: ink-july-august-pasta
File name: Order7052020.rar
Signature: NanoCore
File size: 1'101'931 bytes
First seen: 2020-05-07 06:58:22 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 24576:jbfQei7y0sfESGYSOHITbsoNz5rU3EvZ4UeBHGoqzBWvEqSVjlxP1nCeyis+:jbfQei7y0sfESzHITbNNz5TvZ4UeBH7E
TLSH: 0E3533C42E96466DE63DCCBBB287C463D0A459D90CB1706F6D356A6C8E08879F1E3E31
Reporter: abuse_ch
Tags: NanoCore rar RAT


abuse_ch
Malspam distributing NanoCore:

HELO: smtp2.hiworks.co.kr
Sending IP: 121.254.168.210
From: 대표이사 <tongshim@stechnopia.com>
Reply-To: =?utf-8?B?IuuMgO2RnOydtOyCrCI=?= <tongshim@stechnopia.com>
Subject: Order7052020#
Attachment: Order7052020.rar (contains "Order7052020#.exe")

NanoCore RAT C2:
dikaa.ddns.net:1970 (105.112.99.164)

Intelligence


File Origin
# of uploads: 1
# of downloads: 81
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-07 07:36:42 UTC
File Type: Binary (Archive)
Extracted files: 12
AV detection: 30 of 48 (62.50%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

NanoCore

rar 589988a0edb2b96a31eadfeb9a0a3f2d81e22be0432ba36ef6bbace281425c31 (this sample)

  
Dropping: NanoCore
Delivery method: Distributed via e-mail attachment
