MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 697d1011f2a49e6b51a5d0436f831d53f052cfc93531d4058156da3b6923e161. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



NanoCore


Vendor detections: 4



SHA256 hash: 697d1011f2a49e6b51a5d0436f831d53f052cfc93531d4058156da3b6923e161
SHA3-384 hash: c72d6c37711b1a5fb7347d42420d4682d98ed7402f3595ff233886a091b0220a887ab03b544f6c6188096813891f6523
SHA1 hash: 385f0351fa09af1aa3bed8037f4b4af0dc4d9b74
MD5 hash: 6e6541551ce0de0ce126088060125311
humanhash: queen-sierra-kilo-yankee
File name: Project_Purchase_ A02057 NMB TYP PIP SPC 90000.pdf.img
Signature: NanoCore
File size: 1'245'184 bytes
First seen: 2020-10-25 17:19:15 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 12288:otVPN2iVk/25hKGQlC6Z1H9Je+2ocKIHb03Jq8HcD+jrF:op2X25hKVzZPJe+2ocPg3Uuc6j
TLSH: 494502B0B1D1ACABF8A586B3146DD92012B0695ED076D60DF1EE7B259BE335302F2C17
Reporter: abuse_ch
Tags: img NanoCore RAT


abuse_ch
Malspam distributing NanoCore:

HELO: server.nelleters.gq
Sending IP: 185.104.113.149
From: AZHAR OSMAN <sales@mhb.com.my>
Subject: RFQ 33091782773847 (DAHLIA, TERATAI & KANGSAR) - SUPPLY
Attachment: Project_Purchase_ A02057 NMB TYP PIP SPC 90000.pdf.img (contains "Project_Purchase_ A02057 NMB TYP PIP SPC 90000.pdf.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 94
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Wacatac
Status: Malicious
First seen: 2020-10-25 10:52:41 UTC
AV detection: 5 of 48 (10.42%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

NanoCore

img 697d1011f2a49e6b51a5d0436f831d53f052cfc93531d4058156da3b6923e161

(this sample)

  
Dropping: NanoCore
Delivery method: Distributed via e-mail attachment
