MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6df478ac55831f500c983ce47a640fccf0c9b2ba4e4ac6cb8518439ca4235fd6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



NanoCore


Vendor detections: 4



SHA256 hash: 6df478ac55831f500c983ce47a640fccf0c9b2ba4e4ac6cb8518439ca4235fd6
SHA3-384 hash: 80ac69f7c45d51c5827c1add3998a1bbd9b33775773b7ce3d83630fe3fe9fcf9e5d7636436db6a1e43719dff5c6a78f5
SHA1 hash: bafb75b280bfdfc4c968a0654d6b58f45d0d0e3b
MD5 hash: 1962750dc9fda2051e2e9a72bb57d65a
humanhash: steak-monkey-east-four
File name: GMT_RFQ_20201910,pdf.zip
Signature: NanoCore
File size: 566'618 bytes
First seen: 2020-10-19 07:22:37 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep 12288:6Wc+xIx1Wgr7y5ImKfBCwpXiyJ1F0CvddBVLzbA3/dF6RX8SZKeP:6Wc+uZKUBCwswPrdB1zbA3FFsrKeP
TLSH 07C42355398627F00A71DA3CFD5400F23B5C4710A609DB937B6E3289D02DBE79AAD68F
Reporter: abuse_ch
Tags: NanoCore RAT zip


abuse_ch
Malspam distributing NanoCore:

HELO: vps.frofr-atibu.com
Sending IP: 45.95.169.149
From: benyu <benyu@gmt.com.my>
Subject: RFQ 20201019
Attachment: GMT_RFQ_20201910,pdf.zip (contains "GMT_RFQ_20201910,pdf.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 104
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Wacatac
Status: Malicious
First seen: 2020-10-19 03:55:08 UTC
AV detection: 14 of 48 (29.17%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

NanoCore

zip 6df478ac55831f500c983ce47a640fccf0c9b2ba4e4ac6cb8518439ca4235fd6

(this sample)

  
Dropping: NanoCore
Delivery method: Distributed via e-mail attachment
