MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6e9c210ec357138119bf1933e242b618bb0c2af89074694f90c5df9c63f81c2b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


NanoCore


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 6e9c210ec357138119bf1933e242b618bb0c2af89074694f90c5df9c63f81c2b
SHA3-384 hash: e091e4435faaa52777b000e2712493438657f7e5eb6729c33111180499b1289237a7cf2b70f743afccc729140991330b
SHA1 hash: 2e736b56c527d2eb34fdcda0f41edc4f27e22c02
MD5 hash: b0d06d534869599439374d6b1888668e
humanhash: tennessee-mango-oregon-robert
File name:PO-5674967 .zip
Download: download sample
Signature NanoCore
Create hunting rule
File size:3'458'335 bytes
First seen:2020-05-25 14:13:13 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 98304:bbvezV+X4qEQPxDIFCb2PfUfM/bXTHK9MNZL:bbvewV3PxDIEoFNZL
TLSH A7F533C4950E110FC675148321FCF55A6DDCB8B62396EB89F0C1A0AD525E8B27EB7EE0
Reporter abuse_ch
Tags:geo KOR NanoCore RAT zip


Avatar
abuse_ch
Malspam distributing NanoCore:

HELO: mail-smail-vm80.hanmail.net
Sending IP: 211.231.106.155
From: HANKS MING DUSS <aasa78@hanmail.net>
Subject: 구매 오더 ( PO-5674967 )
Attachment: PO-5674967 .zip (contains "( PO-5674967 ).exe")

NanoCore RAT C2:
cheks.ddns.net:24500 (105.112.98.4)

Intelligence

File Origin
# of uploads :
1
# of downloads :
61
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Malware.Generic-6895514-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Nanobot
Create hunting rule
Status:
Malicious
First seen:
2020-05-25 11:40:43 UTC
File Type:
Binary (Archive)
Extracted files:
766
AV detection:
19 of 48 (39.58%)
Threat level:
  2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

NanoCore

zip 6e9c210ec357138119bf1933e242b618bb0c2af89074694f90c5df9c63f81c2b

(this sample)

NanoCore

Executable exe 548c375182f63e134625ec757d001e42051be39bf22f4065932ba53557825312

  
Dropping
MD5 b2739f6ec18e593bfe048aa21825466c
  
Dropping
NanoCore
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 548c375182f63e134625ec757d001e42051be39bf22f4065932ba53557825312

Comments