MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 71a317e1f9286849a01291d42ddee926264f14fc055a8427ef0c8bfd40dd7a59. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



NanoCore


Vendor detections: 5



SHA256 hash: 71a317e1f9286849a01291d42ddee926264f14fc055a8427ef0c8bfd40dd7a59
SHA3-384 hash: 55817a00815b5cbdd390f3c881032e78823b5f380e56497a4ebcebee7b52e0976f1f693cbb4889639e366af2ac07cc5d
SHA1 hash: 7e7beb754997991b5a239f7815c060eb5f1bd561
MD5 hash: 5bf4781bb55880ed84a5c5a14f28073a
humanhash: steak-snake-louisiana-comet
File name: PROOF OF PAYMENT.IMG
Signature: NanoCore
File size: 1'441'792 bytes
First seen: 2021-03-10 09:27:48 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 6144:gQrsUUZc3+zi42gB2MVuCULFKwhIiaAZmMZ5vATxhIY0h1SC1aSrMsbSTB7C:gQYbW++5O2MMZL5LZm85YMY0HESr+B7
TLSH: 3265F0A4F229A271F56477B51A73637C0A3E2E22E821D75D3A4D32CD26767C048E7E13
Reporter: abuse_ch
Tags: img NanoCore RAT


abuse_ch
Malspam distributing NanoCore:

HELO: max.wm.co.za
Sending IP: 51.159.54.9
From: Account <sales@neoshosecurity.co.za>
Subject: Fwd: PROOF OF PAYMENT
Attachment: PROOF OF PAYMENT.IMG (contains "PROOF OF PAYMENT.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 175
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: MALICIOUS
Threat name: ByteCode-MSIL.Trojan.Taskun
Status: Malicious
First seen: 2021-03-10 09:28:08 UTC
AV detection: 9 of 47 (19.15%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

NanoCore

img 71a317e1f9286849a01291d42ddee926264f14fc055a8427ef0c8bfd40dd7a59 (this sample)

  
Dropping: NanoCore
Delivery method: Distributed via e-mail attachment

Comments