MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 93f723072985373ab34de389f40aa1cd37de824d111998e3c6bbd6dde0d105d0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


NanoCore


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 93f723072985373ab34de389f40aa1cd37de824d111998e3c6bbd6dde0d105d0
SHA3-384 hash: 24a6dc086785c097b9937cbf1f066080a71df1aa7e2ffea68c89beeeac76880cc84bdff7ff01a8b43ce7fae6ef5436df
SHA1 hash: 08cc6ebf6574beb2bf8dd327a57d7b4bb1c760be
MD5 hash: 4d4d1b8ebccfcb907360e55391abbf8c
humanhash: triple-apart-golf-montana
File name:SOW_Change Emergency Light.xlxs.zip
Download: download sample
Signature NanoCore
Create hunting rule
File size:698'432 bytes
First seen:2020-10-22 07:03:09 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 12288:MwjuRnwkQQDMRVD179avnayMZ92COgzUNqlm5VUKzxaQ7no6ZvRFNDj4HlCI:MQuC3dp9wXMT2OAgbKsD6VRj0YI
TLSH 81E4230591E1A33CF2A9D0F82625E1BD191760EC856774297307BF843923EA9BEF427D
Reporter abuse_ch
Tags:NanoCore Outlook RAT zip


Avatar
abuse_ch
Malspam distributing NanoCore:

HELO: APC01-HK2-obe.outbound.protection.outlook.com
Sending IP: 40.92.255.85
From: Boontavee Charoenchai <btvcc@hotmail.com>
Subject: Notification of no receipt of goods and Invoice 11 - 30 Oct 2020
Attachment: SOW_Change Emergency Light.xlxs.zip (contains "SOW_Change Emergency Light.xlxs.exe")

NanoCore RAT C2:
193.37.254.35:4070

Intelligence

File Origin
# of uploads :
1
# of downloads :
91
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/93f723072985373ab34de389f40aa1cd37de824d111998e3c6bbd6dde0d105d0/
Threat name:
Win32.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2020-10-22 06:35:19 UTC
AV detection:
5 of 48 (10.42%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=sp3sgbzjqu3tvm2n4oe7icvbzu355asncemzry6gxpln3ygraxia._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

NanoCore

zip 93f723072985373ab34de389f40aa1cd37de824d111998e3c6bbd6dde0d105d0

(this sample)

NanoCore

Executable exe e58365faedd335953c8f41dc5d7e9056c6db3924628dcf977ad7e556410d558a

  
Dropping
MD5 aeddfd4a3fc6d3c61ef6b59064558fac
  
Dropping
NanoCore
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 e58365faedd335953c8f41dc5d7e9056c6db3924628dcf977ad7e556410d558a

Comments