MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5db1afe52cb04992289ce8039aa5f4c89a6b44d9a91b387c52b58272ff34951d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


NanoCore


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 5db1afe52cb04992289ce8039aa5f4c89a6b44d9a91b387c52b58272ff34951d
SHA3-384 hash: 6422765f2afb75a502462a9c59793972a96f5c226e8b212bc076c6b233afd36f91429f4ff20c49f66c99aae16e3ae662
SHA1 hash: 7621b13368d5788e240666a89306fd849957ebb0
MD5 hash: 494ed599e20b516d1e0b9d1b6893e9f3
humanhash: triple-helium-nevada-glucose
File name:NEW_ORDER4500121785_PO_PRODUCTS_PlG_TradingServices _Cos.arj
Download: download sample
Signature NanoCore
Create hunting rule
File size:452'666 bytes
First seen:2020-10-20 08:12:13 UTC
Last seen:Never
File type: arj
MIME type:application/x-rar
ssdeep 12288:qn9TAklBgtaotgExlsxNS7TCk37Qk7HUjPWp4ed:q9UUgNyalsxEik37QBSKo
TLSH B4A4235F83B9843F7FCCE8795FD901199BD6512B28C9E0B6E3419C7A7D593AC2C04A88
Reporter abuse_ch
Tags:arj NanoCore RAT


Avatar
abuse_ch
Malspam distributing NanoCore:

From: PHAN NG?C H?NG <hr@wittyglobalexporters.pw>
Subject: Order 4500121785
Attachment: NEW_ORDER4500121785_PO_PRODUCTS_PlG_Trading Services _Cos.arj (contains "NEW_ORDER#4500121785_PO_PRODUCTS_PlG_Trading Services _Cos.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
87
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Heur.30919.30554.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/5db1afe52cb04992289ce8039aa5f4c89a6b44d9a91b387c52b58272ff34951d/
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=lwy27zjmwbezeke45abzvjpuzcngwrgzventq7cswwbhf7zusuoq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/5db1afe52cb04992289ce8039aa5f4c89a6b44d9a91b387c52b58272ff34951d

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

NanoCore

arj 5db1afe52cb04992289ce8039aa5f4c89a6b44d9a91b387c52b58272ff34951d

(this sample)

NanoCore

Executable exe 4d41aeadc8ec2a61264185f84985595dea4edec7a0c1e0866497c5f16d3dff46

  
Dropping
MD5 b37008e83854fa3ebc61e75906d91480
  
Dropping
NanoCore
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 4d41aeadc8ec2a61264185f84985595dea4edec7a0c1e0866497c5f16d3dff46

Comments