MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5d28090559ddae9ba6e3ba76435906a1bb58a11ec0aeee43f746df928de3236a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


NanoCore


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 5d28090559ddae9ba6e3ba76435906a1bb58a11ec0aeee43f746df928de3236a
SHA3-384 hash: 5df5ac96fe1696b2bd1b297ff28b79858cd86e63dfb963ab25ed1c4ec307b644bf8a62832727ec958d5778e3465935b8
SHA1 hash: 8ba5e555ef9112257ccec4e7f105925cfce91ccf
MD5 hash: 104c151612803fcad4425844e0d236bd
humanhash: six-don-november-tennessee
File name:MEDICAL DISPOSABLE.pdf.zip
Download: download sample
Signature NanoCore
Create hunting rule
File size:320'289 bytes
First seen:2020-05-12 16:30:29 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 6144:pxJ9BMe5ooynkcR4LZydORlxv+jKTJaSvUaQk2xisspcku2hzts+9dRp0P3AO:fOe5ooWuLCOTxL1KkDjckuozts+9Tp6D
TLSH F16423827D6315669294797CEC6D9FC58CAF9C3138D6C2E866F4038E4C6AC04CF15ABD
Reporter abuse_ch
Tags:NanoCore RAT zip


Avatar
abuse_ch
Malspam distributing NanoCore:

HELO: vzslave02rdns15.websouls.net
Sending IP: 54.36.46.238
From: Victor Zhang| <crpharm-ir@crpharm.com>
Subject: Disposable face mask, coverall, isloation gown, shoe cover. etc
Attachment: MEDICAL DISPOSABLE.pdf.zip (contains "MEDICAL DISPOSABLE.pdf.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
84
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.25518.ZipHeur.Ext.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2020-05-12 16:36:55 UTC
File Type:
Binary (Archive)
Extracted files:
9
AV detection:
27 of 48 (56.25%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=luuasbkz3wxjxjxdxj3egwigug5vrii6ycxo4q7xi3pzfdpdenva._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

NanoCore

zip 5d28090559ddae9ba6e3ba76435906a1bb58a11ec0aeee43f746df928de3236a

(this sample)

NanoCore

Executable exe 21770aa286de38738ddaf3b4237a794ed43f858019f33ed5d2cc570de0ab0eda

  
Dropping
MD5 5e0f15e5665a0b965f213a12ed93e606
  
Dropping
NanoCore
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 21770aa286de38738ddaf3b4237a794ed43f858019f33ed5d2cc570de0ab0eda

Comments