MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 997bc4f2440e0ca5afa97ddc3b83b3e998cc3c4d5d0edfaddb41accab2faeab6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

NanoCore

Vendor detections: 2

Intelligence 2 IOCs YARA File information Comments

SHA256 hash:	997bc4f2440e0ca5afa97ddc3b83b3e998cc3c4d5d0edfaddb41accab2faeab6
SHA3-384 hash:	a402e12f7c74f61d0156c7cdeb490cc932caaa041fca761f9f7333d8f749df077d31a3088addf77ee15498ad3d8261dd
SHA1 hash:	d1e132d087e62fc317d71103fc626c103ebdb287
MD5 hash:	b34b9921fe75108b9635627a7a2ef71f
humanhash:	earth-finch-alpha-uranus
File name:	PROOF OF PAYMENT.rar
Download:	download sample
Signature	NanoCore Create hunting rule
File size:	688'647 bytes
First seen:	2020-10-13 14:49:04 UTC
Last seen:	Never
File type:	rar
MIME type:	application/x-rar
ssdeep	12288:ki7AHxjJtBHNHu+hOw0ak/gBcOTVGfv9+n9ds7Gz5CRoXLZkZMgnaWt2wNh4w1:kic/Oha6+LcX9+n9+K9motgMgn31Nh4U
TLSH	AAE423DE3A3C262B1CBFF419659B84B86CD34734028453AA4E99F379C463B72665C60E
Reporter	abuse_ch
Tags:	NanoCore rar RAT

abuse_ch

Malspam distributing NanoCore:

HELO: bronbergwisp.dedicated.co.za
Sending IP: 197.242.156.206
From: payment@santa-laurensia.com
Reply-To: don4eyo@gmail.com
Subject: PROOF OF PAYMENT
Attachment: PROOF OF PAYMENT.rar (contains "PROOF OF PAYMENT.exe")

NanoCore RAT C2:
amechi.duckdns.org