MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9f3235ca0410808f8c3ecc87ec26358a128e56eac6fe1742331d8f101e2cc1e3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


NanoCore


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 9f3235ca0410808f8c3ecc87ec26358a128e56eac6fe1742331d8f101e2cc1e3
SHA3-384 hash: a6416f631a52821590f98769cc3eefa2f999444c739f71ee49c029bd0450d6618907112d1e70526a84cd6190b8b53666
SHA1 hash: cdef61ca0581f806227fa63ea43d991010187522
MD5 hash: edc61ffd8755628afdc07b58d7f8e6e5
humanhash: floor-mirror-fourteen-october
File name:CN-Invoice-XXXXX9808-19011143287990.iso
Download: download sample
Signature NanoCore
Create hunting rule
File size:268'288 bytes
First seen:2021-02-22 06:39:06 UTC
Last seen:Never
File type: iso
MIME type:application/x-iso9660-image
ssdeep 1536:yQEpTCImp9zO6/XSTwtPo55rKrFUcDOC53bzf01l:yQJta6/XQIFNMl
TLSH 9A446203A82D99B2EF38A33E40050CC991F51C9C55D9B22A57BCBD3DDA3D4625D1FA2E
Reporter abuse_ch
Tags:FedEx iso NanoCore RAT


Avatar
abuse_ch
Malspam distributing NanoCore:

HELO: [192.188.88.227]
Sending IP: 192.188.88.227
From: FedEx Express - Do Not Reply <Carrie.Park@expeditors.com>
Reply-To: nopeply-fedeoxngr@iname.com
Subject: [CN]: FedEx Invoice 账单 (CustomerAccount -XXXXX9808-19011143287990)
Attachment: CN-Invoice-XXXXX9808-19011143287990.iso (contains "CN-Invoice-XXXXX9808-19011143287990.exe")

NanoCore RAT C2:
nanopc.linkpc.net:50005

Intelligence

File Origin
# of uploads :
1
# of downloads :
105
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Malware.Noon-9829285-0
Create hunting rule

Result
Verdict:
MALICIOUS
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/9f3235ca0410808f8c3ecc87ec26358a128e56eac6fe1742331d8f101e2cc1e3/
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=t4zdlsqeccai7db6zsd6yjrvriji4vxky37boqrtdwhrahrmyhrq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

NanoCore

iso 9f3235ca0410808f8c3ecc87ec26358a128e56eac6fe1742331d8f101e2cc1e3

(this sample)

NanoCore

Executable exe a0ebcb3078763eb8acca534831ef9ca1a213347328698aa3cda7c5bd23cd81d8

  
Dropping
MD5 a656f522f604872e02daee9dbc458d9c
  
Dropping
NanoCore
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 a0ebcb3078763eb8acca534831ef9ca1a213347328698aa3cda7c5bd23cd81d8

Comments