MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6548da53adba0a830a6ae553e236ddde9de15cf9b20cfbb1568c1732913b64fd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



NanoCore


Vendor detections: 3



SHA256 hash: 6548da53adba0a830a6ae553e236ddde9de15cf9b20cfbb1568c1732913b64fd
SHA3-384 hash: 18ebb1b6152d295aafc878b180c31f5f28064b02f259b88f68d83cf4ebc9d96cc13a63de39d5155ebbd8a0c63ab2b397
SHA1 hash: e9c8f1b5450897c5970b4137f4d7e543d840c25f
MD5 hash: 392f6049e7e1159f453030116f5adfe0
humanhash: edward-alabama-crazy-social
File name: gunzipped
Signature: NanoCore
File size: 414'208 bytes
First seen: 2021-02-21 18:08:29 UTC
Last seen: Never
File type: tar
MIME type: application/x-tar
ssdeep: 6144:M/7jHNyWI+b1m3N2teCoTpkB/Bm8V/7bLf8q2/MQo1m1dupfmndJLvG:mEaE3N20CBTHU/Noydupf2
TLSH: 9F94121036A80736C6DA9FF2B722A104237A6628D4B3F77E4C5D70C514777291AE2E9F
Reporter: abuse_ch
Tags: NanoCore RAT


abuse_ch
Malspam distributing NanoCore:

HELO: slot0.groveressentials.xyz
Sending IP: 203.159.80.67
From: Sales004 - EXPORT <order@groveressentials.xyz>
Subject: rfq/20201 FEB21-26 RFQ_EXPORT_QUOTE_NEW ORDER/PO009962258/(đơn hàng mới)
Attachment: gunzipped (contains "256ec8f8f67b59c5e085b0bb63afcd13.exe")

NanoCore RAT C2:
cloudhost.myfirewall.org

Intelligence


File Origin
# of uploads: 1
# of downloads: 248
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: ByteCode-MSIL.Packed.Generic
Status: Suspicious
First seen: 2021-02-21 18:09:06 UTC
AV detection: 4 of 46 (8.70%)
Threat level: 1/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

NanoCore

tar 6548da53adba0a830a6ae553e236ddde9de15cf9b20cfbb1568c1732913b64fd (this sample)

Dropping: NanoCore
Delivery method: Distributed via e-mail attachment
