MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 984728dca6dd3d654ed7c9cb141bc6f11a92b9fee7872b75bd5fd370475c6ec4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

NanoCore

Vendor detections: 3

Intelligence 3 IOCs YARA File information Comments

SHA256 hash:	984728dca6dd3d654ed7c9cb141bc6f11a92b9fee7872b75bd5fd370475c6ec4
SHA3-384 hash:	29531e23c7a00d2abb2d7ba0c99f530b388f1b4b9443270f09a42c2a8f299cd0d2616776d9885c097cb1f56a068daa24
SHA1 hash:	458bd211437eaf4a625fbef4c6c7c1d676014dbb
MD5 hash:	5dce75665913214a2b79c5f00fc15d02
humanhash:	arizona-oklahoma-washington-virginia
File name:	Halkbank.iso
Download:	download sample
Signature	NanoCore Create hunting rule
File size:	1'245'184 bytes
First seen:	2020-06-15 13:02:58 UTC
Last seen:	Never
File type:	iso
MIME type:	application/x-iso9660-image
ssdeep	6144:plO8r14QBNsUFu2fqPQnrtuVK80wOYX5WZkeXB9VUxV9xtnkniD4gY5OFc7EW:plXBNsV2yPQnpaRO+efQrtnYYzFc7N
TLSH	4F45E0097BDD9610E1B99B7889F1184043B4796B2622E34FBE8D30AE1F73BD49941F27
Reporter	abuse_ch
Tags:	geo Halkbank iso NanoCore RAT TUR

abuse_ch

Malspam distributing NanoCore:

HELO: halkbank.com.tr
Sending IP: 37.49.230.92
From: HALKBANK.E-EKSTRE@halkbank.com.tr
Subject: T.HALK BANKASI A.S. 15.06.2020 Hesap Ekstresi
Attachment: Halkbank.iso (contains "ZFE8zFEDRpbfhKx.exe")

NanoCore RAT C2:
osharay.ddns.net:49291 (37.49.230.92)