MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8978d0b1b16ff9e43dca84bd1115d85fe89a8b335a31db98a07251c2e72dba35. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

NanoCore

Vendor detections: 3

SHA256 hash: 8978d0b1b16ff9e43dca84bd1115d85fe89a8b335a31db98a07251c2e72dba35
SHA3-384 hash: 862fa59940f6add2b5f2e54c4bf9ccd026c548ce90b505e3afff203c13a953bf760f27b7bb19fa2d9c8d4f459a12e7e3
SHA1 hash: 75055ed7d4492863bdfbafd48a6135606d95a6c8
MD5 hash: 21643125fb43f2be7bfd43c9fcbfa107
humanhash: georgia-fourteen-twelve-alpha
File name: DHL_file 187652345643476245.iso
Signature: NanoCore
File size: 567'296 bytes
First seen: 2020-12-30 09:13:35 UTC
Last seen: Never
File type: iso
MIME type: application/x-iso9660-image
ssdeep: 12288:tHL8M3fDOamWb+dQeL5iUCABu9XxB7X3Pg6Ev/zABAPkf05n6+pG8NQiYzv+yvOU:DXxB7Pgjv/bPRlpdNQik+yvq
TLSH: E1C4F15063B86B22DA7D0BF6192411140BB360DA65F3D34DBECE60E61B77B430E96B27
Reporter: abuse_ch
Tags: DHL Hostwinds iso NanoCore RAT


abuse_ch
Malspam distributing NanoCore:

HELO: hwsrv-816835.hostwindsdns.com
Sending IP: 104.168.174.166
From: DHL Express <sales@gommcp.com>
Subject: 紧急 (Urgent) - DHL Shipment Document
Attachment: DHL_file 187652345643476245.iso (contains "DHL_file 187652345643476245.exe")

NanoCore RAT C2:
185.157.160.233:54984
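The lure above works by wrapping the executable in an ISO image so that the mail filter sees a disk image, not an .exe, and the recipient gets the payload mounted as a drive on double-click. As an added example from the editor (not code from MalwareBazaar or abuse.ch), the script below is the check a gateway or triage analyst would run on such an attachment: walk the ISO 9660 volume descriptors, list the files in the image (using the Joliet long names when present, which is how a name with spaces like "DHL_file 187652345643476245.exe" is stored), and flag anything that is a Windows executable by extension or by its "MZ" header. The image it inspects is constructed inline by build_iso() with the inner file name quoted in the report and a fake PE stub as payload; the real sample is not used and nothing is downloaded. build_iso() exists only to produce that test input and is not a general ISO writer.

```python
# Added example (the editor's own, not MalwareBazaar or abuse.ch code): list the
# files inside an ISO 9660 mail attachment and flag Windows executables. The
# image is constructed inline by build_iso() so the script runs offline.
import struct

SECTOR = 2048
EXEC_EXT = (".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs", ".lnk")


def _both(fmt, n):  # ISO 9660 "both-byte-order" field: little-endian then big-endian copy
    return struct.pack("<" + fmt, n) + struct.pack(">" + fmt, n)


def _record(name, extent, size, is_dir):
    """One directory record (ECMA-119 9.1); name b'\\x00' / b'\\x01' means self / parent."""
    rec = bytes(2) + _both("I", extent) + _both("I", size) + bytes(7)   # len, xattr, extent, size, date
    rec += bytes([2 if is_dir else 0, 0, 0]) + _both("H", 1)             # flags, unit, gap, volume seq
    rec += bytes([len(name)]) + name
    rec += bytes(len(rec) % 2)                                           # pad to an even length
    return bytes([len(rec)]) + rec[1:]


def _descriptor(vd_type, root_extent, escape=b""):
    vd = bytearray(SECTOR)
    vd[0:7] = bytes([vd_type]) + b"CD001\x01"
    vd[80:88] = _both("I", 24)                                           # volume size in sectors
    vd[88:88 + len(escape)] = escape                                     # Joliet escape sequence
    vd[120:132] = _both("H", 1) + _both("H", 1) + _both("H", SECTOR)     # set size, seq no, block size
    vd[156:190] = _record(b"\x00", root_extent, SECTOR, True)            # root directory record
    return bytes(vd)


def _directory(name, self_extent, file_extent, size):
    d = _record(b"\x00", self_extent, SECTOR, True) + _record(b"\x01", self_extent, SECTOR, True)
    return (d + _record(name, file_extent, size, False)).ljust(SECTOR, b"\x00")


def build_iso(long_name, short_name, payload, joliet=True):
    """Constructed test input: primary tree with an 8.3 name, optional Joliet tree with the long name."""
    prim = 19 if joliet else 18                         # directories follow the descriptor set
    data = prim + (2 if joliet else 1)
    image = bytes(16 * SECTOR) + _descriptor(1, prim)   # system area, then primary volume descriptor
    if joliet:
        image += _descriptor(2, prim + 1, b"%/E")       # supplementary descriptor, UCS-2 level 3
    image += bytes([255]) + b"CD001\x01" + bytes(SECTOR - 7)             # descriptor set terminator
    image += _directory((short_name + ";1").encode("ascii"), prim, data, len(payload))
    if joliet:
        image += _directory(long_name.encode("utf-16-be"), prim + 1, data, len(payload))
    return image + payload.ljust(-(-len(payload) // SECTOR) * SECTOR, b"\x00")


def list_files(image):
    """Return [(path, extent, size)] for every file, using Joliet names when the image has them."""
    chosen, joliet, sector = None, False, 16
    while True:
        vd = image[sector * SECTOR:(sector + 1) * SECTOR]
        if len(vd) < SECTOR or vd[1:6] != b"CD001":
            raise ValueError("not an ISO 9660 image")
        if vd[0] == 255:                                # descriptor set terminator
            break
        if vd[0] == 1 and chosen is None:
            chosen = vd
        elif vd[0] == 2 and vd[88:90] == b"%/":         # Joliet supplementary descriptor
            chosen, joliet = vd, True
        sector += 1
    if chosen is None:
        raise ValueError("no primary volume descriptor")
    files = []

    def walk(extent, size, prefix):
        data, off = image[extent * SECTOR:extent * SECTOR + size], 0
        while off < len(data):
            n = data[off]
            if n == 0:                                  # zero fill: records never span sectors
                off = (off // SECTOR + 1) * SECTOR
                continue
            if n < 34:
                break                                   # truncated or bogus record
            rec, off = data[off:off + n], off + n
            ident = rec[33:33 + rec[32]]
            if ident in (b"\x00", b"\x01"):             # self / parent entries
                continue
            name = ident.decode("utf-16-be" if joliet else "ascii", "replace").split(";")[0]
            ext, sz = struct.unpack_from("<I", rec, 2)[0], struct.unpack_from("<I", rec, 10)[0]
            if rec[25] & 2:
                walk(ext, sz, prefix + name + "/")
            else:
                files.append((prefix + name, ext, sz))

    walk(struct.unpack_from("<I", chosen, 158)[0], struct.unpack_from("<I", chosen, 166)[0], "/")
    return files


def triage(image):
    """Flag executables by extension and by PE 'MZ' header, so a renamed payload is still caught."""
    findings = []
    for path, extent, size in list_files(image):
        reasons = []
        if path.lower().endswith(EXEC_EXT):
            reasons.append("executable extension")
        if image[extent * SECTOR:extent * SECTOR + 2] == b"MZ":
            reasons.append("PE header")
        if reasons:
            findings.append((path, size, reasons))
    return findings


if __name__ == "__main__":
    # Stand-in for the lure: inner file name from the report above, payload is a fake PE stub.
    iso = build_iso("DHL_file 187652345643476245.exe", "DHL_FILE.EXE", b"MZ" + bytes(62))
    for path, size, why in triage(iso):
        print(f"{path} ({size} bytes): {', '.join(why)}")
```

Two design points. First, the Joliet descriptor is preferred over the primary one because the primary tree only carries 8.3 upper-case names, so a rule matching on "DHL_file" or on a double extension would never fire against it. Second, the MZ check is deliberately independent of the extension check: an attacker who renames the payload to .pdf inside the image defeats an extension filter but not a header filter, while a benign text file produces no finding at all.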

Intelligence

File Origin
# of uploads: 1
# of downloads: 346
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Backdoor.Remcos
Status: Malicious
First seen: 2020-12-30 04:13:16 UTC
AV detection: 12 of 48 (25.00%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  NanoCore
    iso 8978d0b1b16ff9e43dca84bd1115d85fe89a8b335a31db98a07251c2e72dba35 (this sample)
      Dropping NanoCore

Delivery method: Distributed via e-mail attachment

Comments