MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 affc3c3ca46081c765bd24a2e1f776086b93e84e0d3d8aed4c1d365be3c4f1bb. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


NanoCore


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: affc3c3ca46081c765bd24a2e1f776086b93e84e0d3d8aed4c1d365be3c4f1bb
SHA3-384 hash: 1180f7d46404700c5d9479f46c08d6f7039ff88b96e44fe5469d42f79b64f3454e281f2faa57fc071db75ba482ae7fc1
SHA1 hash: 68c7f1fec536545b3a00186edba03a0ba2f125b9
MD5 hash: 5c48eb5cb24e651fd660fd8134b7a727
humanhash: speaker-early-arkansas-fruit
File name:2208753-866432.zip
Download: download sample
Signature NanoCore
Create hunting rule
File size:461'216 bytes
First seen:2021-01-30 06:19:23 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 12288:oDIpELExF9ScST0Duv6dxHG1lqkB1yW+8NjDqa79:os62FjST0WUx/W+8NaK
TLSH 80A423777BB71884D566A5D2EFB3871E8E82C3AFD58EDE0EA3252003F0174475A9414B
Reporter abuse_ch
Tags:NanoCore RAT zip


Avatar
abuse_ch
Malspam distributing NanoCore:

HELO: vps.helitactica.xyz
Sending IP: 203.159.80.22
From: Ewa Laszcz <ewailp@icloud.com>
Reply-To: Ewa Laszcz <sdmarine861000@gmail.com>
Subject: New Order Request for PI..
Attachment: 2208753-866432.zip (contains "2208753-866432.exe")

NanoCore RAT C2:
fgtrert.duckdns.org:4948 (195.20.109.90)

Intelligence

File Origin
# of uploads :
1
# of downloads :
282
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/affc3c3ca46081c765bd24a2e1f776086b93e84e0d3d8aed4c1d365be3c4f1bb/
Threat name:
ByteCode-MSIL.Packed.Generic
Create hunting rule
Status:
Suspicious
First seen:
2021-01-30 06:20:08 UTC
AV detection:
10 of 46 (21.74%)
Threat level:
  1/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=v76dypfemca4ozn5esrod53wbbvzh2cobu6yv3kmdu3fxy6e6g5q._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.65
Link:
https://yomi.yoroi.company/submissions/affc3c3ca46081c765bd24a2e1f776086b93e84e0d3d8aed4c1d365be3c4f1bb

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

NanoCore

zip affc3c3ca46081c765bd24a2e1f776086b93e84e0d3d8aed4c1d365be3c4f1bb

(this sample)

NanoCore

Executable exe c1fe3e56f08c36036a18d891a41fe2b59dbb1b6ba24e0d5237e05ed32c810390

  
Dropping
MD5 9da635ac2ddb4110650e12cf1b49807d
  
Dropping
NanoCore
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 c1fe3e56f08c36036a18d891a41fe2b59dbb1b6ba24e0d5237e05ed32c810390

Comments